CVE-2022-4874 Information

Description

Authentication bypass in Netcomm router models NF20MESH NF20 and NL1902 allows an unauthenticated user to access content. In order to serve static content the application performs a check for the existence of specific characters in the URL (.css .png etc). If it exists it performs a ake login\ to give the request an active session to load the file and not redirect to the login page.

Reference

https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md