Skip to main content

Nf20Mesh

2 CVEs product

Monthly

CVE-2026-35019 CRITICAL PATCH Act Now

Authentication bypass in NetComm NF20MESH routers (firmware R6B031 and earlier) allows unauthenticated remote attackers to forge valid encrypted session cookies using a hardcoded AES-256 key embedded in the firmware, granting full administrative control of the web management interface. The root cause is CWE-321 (Use of Hard-coded Cryptographic Key): because the same static AES-256 key is shared across all devices, any attacker who extracts it from firmware can impersonate any session. Exploitation requires an active administrator session and network reachability to the management interface; no KEV listing or confirmed public exploit exists at time of analysis, though the hardcoded-key nature makes the attack highly automatable once the key is disclosed.

Authentication Bypass Nf20Mesh
NVD
CVSS 4.0
9.2
EPSS
0.4%
CVE-2026-35018 HIGH PATCH This Week

Authenticated remote code execution in NetComm NF20MESH routers running firmware R6B031 and earlier allows low-privileged authenticated attackers to gain full root-level OS control via OS command injection. The dalStorage_addUserAccount function unsafely concatenates attacker-supplied JSON username input into a shell command string executed by rut_doSystemAction without sanitization, enabling shell metacharacter injection. No public exploit identified at time of analysis and no CISA KEV listing, but a detailed public advisory from signal11.io documents the attack surface, and a vendor patch (implied R6B032) is available.

Command Injection RCE Nf20Mesh
NVD
CVSS 4.0
8.7
EPSS
0.7%
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Authentication bypass in NetComm NF20MESH routers (firmware R6B031 and earlier) allows unauthenticated remote attackers to forge valid encrypted session cookies using a hardcoded AES-256 key embedded in the firmware, granting full administrative control of the web management interface. The root cause is CWE-321 (Use of Hard-coded Cryptographic Key): because the same static AES-256 key is shared across all devices, any attacker who extracts it from firmware can impersonate any session. Exploitation requires an active administrator session and network reachability to the management interface; no KEV listing or confirmed public exploit exists at time of analysis, though the hardcoded-key nature makes the attack highly automatable once the key is disclosed.

Authentication Bypass Nf20Mesh
NVD
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Authenticated remote code execution in NetComm NF20MESH routers running firmware R6B031 and earlier allows low-privileged authenticated attackers to gain full root-level OS control via OS command injection. The dalStorage_addUserAccount function unsafely concatenates attacker-supplied JSON username input into a shell command string executed by rut_doSystemAction without sanitization, enabling shell metacharacter injection. No public exploit identified at time of analysis and no CISA KEV listing, but a detailed public advisory from signal11.io documents the attack surface, and a vendor patch (implied R6B032) is available.

Command Injection RCE Nf20Mesh
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy