Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/11/17 6:4 a.m.10 views

CVE-2022-4985

Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...

8.7CVSS7.3AI score0.00411EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/14 10:49 p.m.8 views

CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json

Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...

8.7CVSS0.00411EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/14 10:49 p.m.6 views

CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json

Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...

8.7CVSS6.9AI score0.00411EPSS
Exploits0References4
CVE
CVE
added 2025/11/14 10:49 p.m.13 views

CVE-2022-4985

CVE-2022-4985 affects Vodafone H500s routers with firmware v3.5.10 (Sercomm VFH500). An unauthenticated HTTP GET to /data/activation.json with crafted headers/cookies discloses a JSON payload containing wifi_password, enabling remote attackers to obtain Wi‑Fi credentials and gain unauthorized net...

8.7CVSS6.9AI score0.00411EPSS
Exploits0References4
Rows per page
Query Builder