Netcommwireless Nf20 Firmware vulnerabilities
2 known vulnerabilities affecting netcommwireless/nf20_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2022-4873P2CRITICALCVSS 9.8Exploitedfixed in r6b0252023-01-11
CVE-2022-4873 [CRITICAL] CWE-787 CVE-2022-4873: On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessio
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.
nvd
CVE-2022-4874P3HIGHCVSS 7.5Exploitedfixed in r6b0252023-01-11
CVE-2022-4874 [HIGH] CWE-287 CVE-2022-4874: Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file
nvd