Exploitation Summary
CVE-2022-4874 has been observed exploited in the wild (reported by InTheWild.io).
Description
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/986018
Scores
CVSS v3
7.5
EPSS
0.1101
EPSS Percentile
95.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
InTheWild.io
2023-01-18
CWE
CWE-287
Status
published
Products (3)
netcommwireless/nf20_firmware
< r6b025
netcommwireless/nf20mesh_firmware
< r6b025
netcommwireless/nl1902_firmware
< r6b025
Published
Jan 11, 2023
Tracked Since
Feb 18, 2026