Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2022-4874

Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a “fake login” to give the request an active session to load the file and not redirect to the login page.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Vendors

  • Netcomm

Products

  • NF20,
  • NF20MESH,
  • NL1902

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis