Authentication Bypass Vulnerability in Netcomm Router Models NF20MESH, NF20, and NL1902

Authentication Bypass Vulnerability in Netcomm Router Models NF20MESH, NF20, and NL1902

CVE-2022-4874 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.

Learn more about our User Device Pen Test.