CVE-2022-4985 | Vodacom Vodafone H500s up to 3.5.10 HTTP Endpoint /data/activation.json wifi_password exposure of sensitive system information to an unauthorized control sphere (Exploit 50636 / EDB-50636)

A vulnerability was found in Vodacom Vodafone H500s up to 3.5.10. It has been declared as problematic. The impacted element is an unknown function of the file /data/activation.json of the component HTTP Endpoint. Executing manipulation of the argument wifi_password can lead to exposure of sensitive system information to an unauthorized control sphere. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability appears as CVE-2022-4985. The attack may be performed from remote. In addition, an exploit is available.

The application of restrictive firewalling is recommended.VulDB Recent EntriesRead More