VYPR
Vendor

Netcomm

Products
18
CVEs
17
Across products
32
Status
Private

Products

18

Recent CVEs

17
  • CVE-2015-6024CriFeb 9, 2017
    risk 0.69cvss 9.8epss 0.26

    ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.

  • CVE-2017-11645CriJul 28, 2017
    risk 0.64cvss 9.8epss 0.01

    NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.

  • CVE-2018-14783HigAug 10, 2018
    risk 0.57cvss 8.8epss 0.01

    NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely.

  • CVE-2017-11646HigJul 28, 2017
    risk 0.57cvss 8.8epss 0.00

    NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the…

  • CVE-2025-4010HigJun 2, 2025
    risk 0.56cvss epss 0.01

    The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary…

  • CVE-2015-6023HigFeb 9, 2017
    risk 0.51cvss 7.3epss 0.11

    ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.

  • CVE-2018-14785HigAug 10, 2018
    risk 0.49cvss 7.5epss 0.02

    NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication.

  • CVE-2018-14782HigAug 10, 2018
    risk 0.49cvss 7.5epss 0.02

    NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user.

  • CVE-2018-14784MedAug 10, 2018
    risk 0.40cvss 6.1epss 0.01

    NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device.

  • CVE-2017-11647MedJul 28, 2017
    risk 0.35cvss 5.4epss 0.01

    NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation.

  • CVE-2017-5900MedMar 29, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm.

  • CVE-2005-0895May 2, 2005
    risk 0.03cvss epss 0.02

    Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of service (device hang) via a large number of ping packets.

  • CVE-2026-35019Jun 23, 2026
    risk 0.00cvss epss 0.00

    NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface.…

  • CVE-2026-35018Jun 23, 2026
    risk 0.00cvss epss 0.01

    NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the…

  • CVE-2022-4873Jan 11, 2023
    risk 0.00cvss epss 0.07

    On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.

  • CVE-2022-4874Jan 11, 2023
    risk 0.00cvss epss 0.11

    Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it…

  • CVE-2014-4871Oct 7, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.