VDB
CVE-2022-4874
CVE-2022-4874
PUBLISHED
CVSS 7.5 HIGH
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
EPSS 0.84% · 75.1th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.84%
75.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netcomm | NF20 | R6B025 |
| Netcomm | NL1902 | R6B025 |
| netcommwireless | nf20mesh_firmware | 0 |
| Netcomm | NF20MESH | R6B025 |
| netcommwireless | nf20_firmware | 0 |
| netcommwireless | nl1902_firmware | 0 |
Timeline
- Jan 11, 2023 CVE Published
- Jan 12, 2023 EPSS Score
- Feb 22, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 4, 2023 EPSS Score
- May 14, 2023 EPSS Score
- Jun 24, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
- Dec 5, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Feb 24, 2024 EPSS Score