CVE-2022-4874

Summary

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.

Affected Software

VendorProductVersion RangeStatus
NetcommNF20R6B025affected
NetcommNF20MESHR6B025affected
NetcommNL1902R6B025affected

Weaknesses

  • CWE-288

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References