VYPR

H500s

by Vodafone

CVEs (1)

  • CVE-2022-4985HigNov 14, 2025
    risk 0.57cvss epss 0.00

    Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve…