Key Information

Vulnerability Overview
Vulnerability Type: Command Injection
Affected Device: COMFAST CF-N1 V2 (Firmware Version V2.6.0)
CVE ID: CVE-2022-9582
Impact: Allows execution of arbitrary system commands, reading sensitive files, or full control over the device.

Technical Details
Vulnerable Function:
Vulnerable Parameter:
Root Cause: The user-supplied parameter is inserted directly into a system command without validation, leading to command injection.

Exploitation Method
PoC: By sending a specific POST request, an attacker can write a test file to the device.
Example Request:

Verification Method
After sending the above POST request, access the file . If the content is "Haha Time", the command injection is confirmed successful.

Additional Information
Vendor: COMFAST
Product Website: http://www.comfast.cn/
Firmware Download Link: http://www.comfast.com.cn/index.php?m=content&c=index&a=show&catid=31&id=772
Reporter: n0ps1cd (n0ps1cd@gmail.com)
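
The root cause stated above, a request parameter placed directly into a system command, is avoided by checking the value against an allow-list and starting the program with an argument vector instead of a shell. The following C code is an added example, not COMFAST firmware code; is_safe_arg, run_tool and the tool path /bin/echo are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list check for a value such as a hostname or IP address.
 * Rejects NULL, empty or over-long input, a leading '-' (option injection)
 * and any byte outside [A-Za-z0-9._:-]. Returns 1 if acceptable, else 0. */
int is_safe_arg(const char *s)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._:-";
    size_t len = s ? strlen(s) : 0;

    if (len == 0 || len > 64 || s[0] == '-')
        return 0;
    return strspn(s, allowed) == len;
}

/* Runs tool_path with one validated argument and no shell in between.
 * Returns the tool's exit status, or -1 if the input is rejected or the
 * process could not be started or did not exit normally. */
int run_tool(const char *tool_path, const char *arg)
{
    char *const argv[] = { (char *)tool_path, (char *)arg, NULL };
    int status;
    pid_t pid;

    if (!is_safe_arg(arg))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(tool_path, argv);   /* argv reaches the tool unparsed */
        _exit(127);               /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample input, not taken from the advisory. */
    printf("exit status: %d\n", run_tool("/bin/echo", "192.168.1.1"));
    return 0;
}
```

The allow-list here suits host-like values; a parameter with a different expected format needs its own rule, and the value should be rejected rather than sanitised when it does not match.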