Description
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Command Injection
Action: Assess Impact
AI Analysis

Impact

A command injection flaw exists in the /cgi-bin/mbox-config?method=SET&section=ping_config endpoint of Comfast CF-N1-S routers. By manipulating the destination argument, an attacker can inject arbitrary shell commands through the device's remote HTTP interface. The CVE description explicitly states that the exploit is publicly available and that the attack can be launched remotely, which indicates the vulnerability can be triggered from outside the local network. Because the description details no authentication requirement, it is inferred that the command injection does not require prior login or privileged credentials and can be exploited purely via crafted HTTP requests. The CVSS vectors recorded for this CVE, however, specify PR:L (Au:S in CVSS v2), which indicates that low-privileged authenticated access is required, so that inference should be verified against the device. Successful exploitation would allow an attacker to execute any shell command, thereby achieving remote code execution or persistent compromise of the device.

Affected Systems

The vulnerability is confirmed on Comfast CF‑N1‑S firmware version 2.6.0.1. No other variants or firmware revisions are listed as affected in the CVE data.

Risk and Exploitability

The CVSS score of 5.3 denotes a moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, but the existence of a public exploit and the inferred lack of authentication requirements mean that remote attackers can easily target affected routers. The risk is amplified by the vendor’s lack of response, which leaves devices exposed until a patch or workaround is deployed.

Generated by OpenCVE AI on April 22, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-released firmware update that addresses the command injection issue once it becomes available.
  • Use network segmentation or firewall rules to restrict external access to the router’s management Web interface, allowing only trusted internal hosts to reach the /cgi-bin/mbox-config endpoint.
  • If the router firmware does not provide a patch, consider disabling the vulnerable endpoint or the entire web management interface, and isolate the device on a secure VLAN that is not reachable from the broader Internet.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 13:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 12:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Comfast; Comfast cf-n1-s

Type: Vendors & Products
Values Removed: (none)
Values Added: Comfast; Comfast cf-n1-s

Wed, 22 Apr 2026 00:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Type: Title
Values Removed: (none)
Values Added: Comfast CF-N1-S Endpoint mbox-config command injection

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-74; CWE-77

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics
Values Removed: (none)
Values Added:
cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-22T12:19:06.935Z

Reserved: 2026-04-21T14:43:41.714Z

Link: CVE-2026-6799

Vulnrichment

Updated: 2026-04-22T12:19:03.304Z

NVD

Status: Received

Published: 2026-04-21T22:16:20.510

Modified: 2026-04-21T22:16:20.510

Link: CVE-2026-6799

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T11:45:06Z

Weaknesses