{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T21:19:37.346","vulnerabilities":[{"cve":{"id":"CVE-2022-4874","sourceIdentifier":"cret@cert.org","published":"2023-01-11T21:15:10.373","lastModified":"2025-11-04T20:16:15.693","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a \"fake login\" to give the request an active session to load the file and not redirect to the login page."},{"lang":"es","value":"La omisión de autenticación en los modelos de router Netcomm NF20MESH, NF20 y NL1902 permite que un usuario no autenticado acceda al contenido. Para ofrecer contenido estático, la aplicación verifica la existencia de caracteres específicos en la URL (.css, .png, etc.). Si existe, realiza un \"inicio de sesión falso\" para darle a la solicitud una sesión activa para cargar el archivo y no redirigir a la página de inicio de sesión."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netcommwireless:nf20_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"r6b025","matchCriteriaId":"447DAC30-D02D-43A7-9C11-9B29D3AE6292"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netcommwireless:nf20:-:*:*:*:*:*:*:*","matchCriteriaId":"C9BF282B-6B02-492D-A248-80D6C5DD0B50"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netcommwireless:nf20mesh_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"r6b025","matchCriteriaId":"492B3CE0-A18A-4D6E-A20F-5CD00D8FC234"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netcommwireless:nf20mesh:-:*:*:*:*:*:*:*","matchCriteriaId":"79CF62CC-4353-4090-8D85-5F8126A029EB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netcommwireless:nl1902_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"r6b025","matchCriteriaId":"131C4DCD-D115-40AE-A53D-2C3B4799CBD5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netcommwireless:nl1902:-:*:*:*:*:*:*:*","matchCriteriaId":"B02578F1-96D9-4A0C-A27E-F08518A7CA55"}]}]}],"references":[{"url":"https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md","source":"cret@cert.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/986018","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}