ByteOS Network

CF-N1 V2

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-2535

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.84% / 74.31%

7 Day CHG~0.00%

Published-16 Feb, 2026 | 04:32

Updated-16 Feb, 2026 | 05:16

Comfast CF-N1 V2 mbox-config sub_44AB9C command injection

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-Comfast

Product-CF-N1 V2

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2026-2534

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.84% / 74.31%

7 Day CHG~0.00%

Published-16 Feb, 2026 | 04:02

Updated-16 Feb, 2026 | 04:15

Comfast CF-N1 V2 mbox-config sub_44AC4C command injection

A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-Comfast

Product-CF-N1 V2

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')