CVE-2026-35018

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

CVE-2026-35019

NetComm NF20MESH routers with firmware R6B031 and earlier are affected by an authentication bypass in the web management interface. The root cause is a hardcoded AES-256 key used to encrypt session cookies; an attacker can forge a valid encrypted cookie with the shared key to bypass authenticatio...

CVE-2026-35019 NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

CVE-2026-35018 NetComm NF20MESH < R6B032 Authenticated RCE via OS Command Injection

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

CVE-2026-35018

NetComm NF20MESH routers running firmware R6B031 and earlier are affected by an authenticated remote code execution vulnerability. The flaw resides in dalStorage_addUserAccount where shell metacharacters injected into the username JSON parameter are unsafely concatenated into a shell command stri...

EUVD-2026-38452

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

The vulnerability of the microprogrammed software of Netcomm NF20, NF20MESH, and NL1902 lies in buffer overflows in the stack, allowing an attacker to execute arbitrary code.

The vulnerability of the microprogrammed software of Netcomm NF20, NF20MESH, and NL1902 is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router...

CVE-2022-4873

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location...

Authentication flaw

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a "fake logi...

Stack overflow

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location...

CVE-2022-4873

CVE-2022-4873 is a stack-based buffer overflow in the Netcomm NF20MESH, NF20, and NL1902 sessionKey handling that can overwrite the instruction pointer and crash the app. Related CVE-2022-4874 is an authentication bypass; together these flaws enable remote code execution when exploited in affecte...

CVE-2022-4874 Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content.

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a "fake logi...

CVE-2022-4874

CVE-2022-4874 affects Netcomm NF20MESH, NF20 and NL1902 router models. An authentication bypass exists where the app serves static content by checking the URL for specific characters (e.g., .css, .png) and performing a “fake login” to grant a active session, allowing unauthenticated access to con...

Netcomm路由器 缓冲区错误漏洞

The Netcomm NF20 and Netcomm NF20MESH are both routers from Netcomm Australia. The Netcomm routers have a security vulnerability that stems from its sessionKey parameter that allows an attacker to achieve a stack-based buffer overflow and crash an application at a known location by supplying a...

PT-2023-1320 · Netcomm · Netcomm Nf20Mesh +2

Name of the Vulnerable Software and Affected Versions: Netcomm NF20 versions Netcomm NF20MESH versions Netcomm NL1902 versions Description: The issue is related to an authentication bypass in the Netcomm router models. This allows an unauthenticated user to access content. The application checks...

PT-2022-6233 · Netcomm · Netcomm Nf20Mesh +2

Name of the Vulnerable Software and Affected Versions: Netcomm NF20MESH versions Netcomm NF20 versions Netcomm NL1902 versions Description: A stack-based buffer overflow issue affects the sessionKey parameter, allowing a remote attacker to potentially execute arbitrary code by providing a specifi...