6 matches found
CVE-2022-4985
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2022-4985
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2022-4985
CVE-2022-4985 affects Vodafone H500s routers with firmware v3.5.10 (Sercomm VFH500). An unauthenticated HTTP GET to /data/activation.json with crafted headers/cookies discloses a JSON payload containing wifi_password, enabling remote attackers to obtain Wi‑Fi credentials and gain unauthorized net...
Vodafone H500s 安全漏洞
Vodafone H500s is a WiFi router from Vodafone UK. A security vulnerability exists in Vodafone H500s version v3.5.10 that originates from an unauthenticated HTTP endpoint exposing the WiFi password, which could lead to unauthorized access to the wireless network...
PT-2025-47023
Name of the Vulnerable Software and Affected Versions Vodafone H500s devices version 3.5.10 Description Vodafone H500s devices running firmware version 3.5.10 hardware model Sercomm VFH500 have an issue where the WiFi access point password is exposed through an unauthenticated HTTP endpoint. An...