7.5
CVE-2022-4874
- EPSS 11.01%
- Published 11.01.2023 21:15:10
- Last modified 04.11.2025 20:16:15
- Source cret@cert.org
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to get access to content.
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application checks the URL for the presence of specific character sequences (.css, .png, etc.). If one is present, it performs a "fake login" to give the request an active session, so that the file loads instead of redirecting to the login page.
Data provided by the National Vulnerability Database (NVD)
Netcommwireless ≫ Nf20 Firmware Version < r6b025
Netcommwireless ≫ Nf20mesh Firmware Version < r6b025
Netcommwireless ≫ Nl1902 Firmware Version < r6b025
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.01% | 0.953 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md
https://www.kb.cert.org/vuls/id/986018