PT-2023-1320 · Netcomm · Netcomm Nf20+2

Published: 2023-01-11 · Updated: 2023-01-19 · CVE-2022-4874

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Netcomm NF20 versions
Netcomm NF20MESH versions
Netcomm NL1902 versions

Description
An authentication bypass in the listed Netcomm router models allows an unauthenticated user to access content. The application checks for specific character sequences in the URL, such as .css or .png, and performs a "fake login" that gives the request an active session, so the file is served without redirecting to the login page.

Recommendations
For Netcomm NF20, consider disabling access to static content until a patch is available. For Netcomm NF20MESH, restrict access to the application's URL checking functionality to minimize the risk of exploitation. For Netcomm NL1902, avoid using the "fake login" mechanism for serving static content until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
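The design flaw the description names has two parts: the static-content check matches substrings anywhere in the URL, and passing it grants a session. The following illustration, added here and not taken from Netcomm firmware, places the weak pattern beside a hardened static-asset gate that inspects only the normalized path, restricts it to an assumed /static/ prefix and extension list, and never creates authentication state when serving an asset.

```python
"""Static-asset gate: the weak pattern from the advisory beside a hardened one.
Illustration only; the /static/ prefix and extension list are assumptions."""
from posixpath import normpath
from typing import Optional
from urllib.parse import unquote, urlsplit

STATIC_PREFIX = "/static/"               # assumed: public assets live here only
STATIC_EXTENSIONS = {".css", ".png", ".js", ".ico"}


def naive_is_static(url: str) -> bool:
    """The weak pattern described in the advisory: a substring match over the
    whole URL, including the query string, decides whether a request is
    'static' and therefore exempt from authentication."""
    return any(ext in url for ext in STATIC_EXTENSIONS)


def hardened_static_path(url: str) -> Optional[str]:
    """Return the normalized path of a public asset, or None if the request
    must go through normal authentication. Only the path component is
    examined; query string and fragment never influence the decision."""
    path = unquote(urlsplit(url).path)
    if "\x00" in path or not path.startswith("/"):
        return None
    normalized = normpath(path)          # collapses "." and ".." segments
    if not normalized.startswith(STATIC_PREFIX):
        return None                      # outside the public tree
    stem, dot, ext = normalized.rpartition(".")
    if not dot or "." + ext.lower() not in STATIC_EXTENSIONS:
        return None                      # not an allowed asset type
    return normalized


def route(url: str, authenticated: bool) -> str:
    """Dispatch a request. Serving a public asset is a read of a file in the
    static tree and nothing else: no session is minted or upgraded, so the
    static branch cannot double as a login."""
    asset = hardened_static_path(url)
    if asset is not None:
        return f"serve-static:{asset}"
    if not authenticated:
        return "redirect:/login"
    return "serve-app"
```

A quick way to audit a handler for this class of bug is to feed it URLs where the extension appears only in the query string or after a "..": the naive check accepts them, the hardened gate does not.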

Exploit

Weakness Enumeration

Improper Authentication
Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2023-00608
CVE-2022-4874

Affected Products

Netcomm Nf20
Netcomm Nf20Mesh
Netcomm Nl1902