Vulnerability Details CVE-2022-4874
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-4874
-
cpe:2.3:h:netcommwireless:nf20:-
-
cpe:2.3:h:netcommwireless:nf20mesh:-
-
cpe:2.3:h:netcommwireless:nl1902:-
-
cpe:2.3:o:netcommwireless:nf20_firmware:-
-
cpe:2.3:o:netcommwireless:nf20mesh_firmware:-
-
cpe:2.3:o:netcommwireless:nl1902_firmware:-