← voltar
CVE-2022-4874

Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content.

CVSS 7.5 HIGHEPSS 11.0%
Vexday Risk Score
26Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 11.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 jan 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N