CVE-2022-4874
Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content.
Vexday Risk Score
26Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 11.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
11 Jan 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N