Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NNetcommwireless Nf20
HWNetcommwirelesswszystkie wersjeNetcommwireless Nf20 Firmware
OSNetcommwireless< r6b025Netcommwireless Nf20mesh
HWNetcommwirelesswszystkie wersjeNetcommwireless Nf20mesh Firmware
OSNetcommwireless< r6b025Netcommwireless Nl1902
HWNetcommwirelesswszystkie wersjeNetcommwireless Nl1902 Firmware
OSNetcommwireless< r6b025
Powiązane podatności
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey param...
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 al...
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allo...
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site re...
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory o...