Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Comfast CF-N1 V2: Remote Code Execution via Config File
CVE-2026-2534
Summary
The Comfast CF-N1 V2 has a security flaw that allows an attacker to execute malicious code remotely. This could potentially allow an attacker to take control of the device or disrupt its operation. It's recommended to update to a fixed version of the software or replace the device if possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| comfast | cf-n1_firmware | 2.6.0.2 | – |
Original title
A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_bandwidth. The manipulation of ...
Original description
A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
8.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-77
Command Injection
- https://github.com/jinhao118/cve/blob/main/ComFast%20Router_1.md Exploit Third Party Advisory
- https://vuldb.com/?ctiid.346122 Permissions Required VDB Entry
- https://vuldb.com/?id.346122 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.748783 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026