Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
History

Wed, 09 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2025-04-09T14:14:13.898Z

Reserved: 2023-01-04T14:23:54.409Z

Link: CVE-2022-4874

cve-icon Vulnrichment

Updated: 2024-08-03T01:55:46.021Z

cve-icon NVD

Status : Modified

Published: 2023-01-11T21:15:10.373

Modified: 2025-04-09T15:15:55.690

Link: CVE-2022-4874

cve-icon Redhat

No data.