CVE-2025-9581— Comfast CF-N1 webmgnt multi_pppoe command injection

CVSS 6.3 · Medium EPSS 0.60% · P69 Updated Aug 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-9581

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Comfast CF-N1 webmgnt multi_pppoe command injection

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

在命令中使用的特殊元素转义处理不恰当(命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

COMFAST CF-N1 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

COMFAST CF-N1是中国四海众联（COMFAST）公司的一款无线路由器。 COMFAST CF-N1 2.6.0版本存在安全漏洞，该漏洞源于对文件/usr/bin/webmgnt中参数phy_interface的错误操作导致命令注入。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Comfast	CF-N1	2.6.0	-

II. Public POCs for CVE-2025-9581

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-9581

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-9581

Same Patch Batch · Comfast · 2025-08-28 · 6 CVEs total

CVE-2025-9582	6.3 MEDIUM	Comfast CF-N1 webmgnt ntp_timezone command injection
CVE-2025-9586	6.3 MEDIUM	Comfast CF-N1 webmgnt wireless_device_dissoc command injection
CVE-2025-9584	6.3 MEDIUM	Comfast CF-N1 webmgnt update_interface_png command injection
CVE-2025-9585	6.3 MEDIUM	Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection
CVE-2025-9583	6.3 MEDIUM	Comfast CF-N1 webmgnt ping_config command injection

IV. Related Vulnerabilities

Same product: CF-N1

Same vendor: Comfast

Same weakness: CWE-77

V. Comments for CVE-2025-9581

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-9581— Comfast CF-N1 webmgnt multi_pppoe command injection

I. Basic Information for CVE-2025-9581

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-9581

III. Intelligence Information for CVE-2025-9581

Same Patch Batch · Comfast · 2025-08-28 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-9581

Leave a comment