CVE-2022-4985

HIGH

Vodafone H500s <3.5.10 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-4985. PoCs published by Daniel Monzón.

AI-analyzed exploit summary This exploit discloses the WiFi password of Vodafone H-500-s routers by sending a crafted GET request to the /data/activation.json endpoint with specific headers and cookies. The password is extracted from the JSON response.

Description

Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.

Exploits (1)

exploitdb WORKING POC
by Daniel Monzón · pythonwebappshardware
https://www.exploit-db.com/exploits/50636

This exploit discloses the WiFi password of Vodafone H-500-s routers by sending a crafted GET request to the /data/activation.json endpoint with specific headers and cookies. The password is extracted from the JSON response.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Vodafone H-500-s Firmware v3.5.10
No auth needed
Prerequisites: Network access to the target router · Knowledge of the router's IP address
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v4 8.7
EPSS 0.0040
EPSS Percentile 31.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-497
Status published
Products (1)
Vodacom/Vodafone H500s < 3.5.10
Published Nov 14, 2025
Tracked Since Feb 18, 2026