4 matches found
CVE-2022-4985
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2022-4985
CVE-2022-4985 affects Vodafone H500s routers with firmware v3.5.10 (Sercomm VFH500). An unauthenticated HTTP GET to /data/activation.json with crafted headers/cookies discloses a JSON payload containing wifi_password, enabling remote attackers to obtain Wi‑Fi credentials and gain unauthorized net...