Lucene search
CertccCVELIST:CVE-2022-4874HistoryJan 11, 2023 - 8:39 p.m.
CVE-2022-4874 Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content.
2023-01-1120:39:25
certcc
www.cve.org
netcomm router
authenticated bypass
nf20mesh
nf20
nl1902
static content
fake login
vulnerability
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a “fake login” to give the request an active session to load the file and not redirect to the login page.
CNA Affected
[
{
"vendor": "Netcomm",
"product": "NF20",
"versions": [
{
"status": "affected",
"version": "R6B025"
}
]
},
{
"vendor": "Netcomm",
"product": "NF20MESH",
"versions": [
{
"status": "affected",
"version": "R6B025"
}
]
},
{
"vendor": "Netcomm",
"product": "NL1902",
"versions": [
{
"status": "affected",
"version": "R6B025"
}
]
}
]Related
prion
prion
Authentication flaw
2023-01-11 21:15:00
attackerkb
attackerkb
CVE-2022-4874
2023-01-11 00:00:00
nvd
nvd
CVE-2022-4874
2023-01-11 21:15:10
cve
cve
CVE-2022-4874
2023-01-11 21:15:10
cert
cert
New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities
2023-01-17 00:00:00
thn
thn
Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers
2023-01-18 10:20:00