CVE-2022-4985P2HIGHCVSS 8.7≤ 3.5.102025-11-14
CVE-2022-4985 [HIGH] CWE-497 CVE-2022-4985: Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi acce
Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unaut
nvd