CVE-2026-35019— NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35019
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can forge a valid encrypted session cookie using the shared hardcoded key and bypass authentication checks to obtain full administrative control of the management interface while any legitimate administrator session is active.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的密码学密钥
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| NetComm Wireless Pty Ltd | NF20MESH | 0 ~ R6B032 | - |
II. Public POCs for CVE-2026-35019
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35019
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-35019 (1)
Vendor Pages for CVE-2026-35019 (1)
Other References for CVE-2026-35019 (2)
IV. Related Vulnerabilities
Same weakness: CWE-321
- CVE-2026-54833
WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerabili - CVE-2026-9220
Setracker2 Children's Smartwatch Ecosystem Use of hard-coded - CVE-2026-9260
佳能EOS网络设置工具V1.5.0前硬编码密钥漏洞 - CVE-2026-34029
Hard-coded cryptographic key in Wertheim SafeController Soft - CVE-2026-34022
Weak custom cryptography and hard-coded keys in Wertheim Saf
V. Comments for CVE-2026-35019
No comments yet