HIGH🇬🇧 English

CVE-2022-4874

CVSS 7.5v3.1pub. 2023-01-11upd. 2025-11-04

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Netcommwireless Nf20

    HW
    Netcommwireless
    wszystkie wersje
  • Netcommwireless Nf20 Firmware

    OS
    Netcommwireless
    < r6b025
  • Netcommwireless Nf20mesh

    HW
    Netcommwireless
    wszystkie wersje
  • Netcommwireless Nf20mesh Firmware

    OS
    Netcommwireless
    < r6b025
  • Netcommwireless Nl1902

    HW
    Netcommwireless
    wszystkie wersje
  • Netcommwireless Nl1902 Firmware

    OS
    Netcommwireless
    < r6b025
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-4873CRITICAL9.8ten sam produkt

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey param...

CVE-2015-6024CRITICAL9.8ten sam vendor

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 al...

CVE-2018-14782HIGH7.5ten sam vendor

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allo...

CVE-2018-14783HIGH8.8ten sam vendor

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site re...

CVE-2018-14785HIGH7.5ten sam vendor

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory o...

CVE-2022-4874 — HIGH 7.5 | CVEbaza.pl