CVE-2022-4985

HIGH

Vodafone H500s <3.5.10 - Info Disclosure

Title source: llm

Description

Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.

Exploits (1)

exploitdb WORKING POC

by Daniel Monzón · pythonwebappshardware

https://www.exploit-db.com/exploits/50636

View Code ZIP pw:eip

References (4)

[Various Sources] https://help.vodacom.co.za/personal/home/61/9493/1023659/Vodafone-H500s-WiFi-router

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/50636

[Issue Tracking] https://cxsecurity.com/issue/WLB-2022010024

[Third Party Advisory] https://www.vulncheck.com/advisories/vodafone-h500s-wifi-password-disclosure-via-activation-json

Scores

CVSS v4 8.7

EPSS 0.0017

EPSS Percentile 38.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-497

Status published

Products (1)

Vodacom/Vodafone H500s < 3.5.10

Published Nov 14, 2025

Tracked Since Feb 18, 2026