CVE-2022-4985
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-14

Last updated on: 2025-11-18

Assigner: VulnCheck

Description
Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-14
Last Modified
2025-11-18
Generated
2026-06-16
AI Q&A
2025-11-15
EPSS Evaluated
2026-06-15
NVD
CVE-2022-4985
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vodafone h500s 3.5.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Vodafone H500s devices running firmware v3.5.10 expose the WiFi access point password through an unauthenticated HTTP endpoint. An attacker can send a specially crafted GET request to /data/activation.json with certain headers and cookies to retrieve a JSON document containing the wifi_password field. This means anyone without authentication can obtain the WiFi credentials.

Impact Analysis

This vulnerability allows an unauthenticated remote attacker to gain unauthorized access to your wireless network by obtaining the WiFi password. This compromises the confidentiality of your network traffic and any systems connected to the network, potentially leading to further unauthorized access or data breaches.

Detection Guidance

You can detect this vulnerability by sending an unauthenticated HTTP GET request to the endpoint /data/activation.json on Vodafone H500s devices running firmware v3.5.10. If the device responds with a JSON document containing the wifi_password field, it is vulnerable. For example, you can use the following curl command: curl -v http://<device-ip>/data/activation.json -H "Specific-Headers" -b "Specific-Cookies". Replace <device-ip> with the target device's IP address and include the required headers and cookies as needed.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint by implementing network-level controls such as firewall rules to block unauthenticated HTTP requests to /data/activation.json, updating the device firmware if a patch is available, or disabling the vulnerable service if possible to prevent unauthorized retrieval of WiFi credentials.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-4985. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart