CVE-2026-35018
Deferred Deferred - Pending Action
Authenticated Remote Code Execution in NetComm NF20MESH Routers

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: VulnCheck

Description
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the dalStorage_addUserAccount function. Attackers can exploit the unsafe concatenation of user-supplied input into a shell command string passed to rut_doSystemAction without sanitization to achieve full root-level command execution on the underlying operating system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-23
Last Modified
2026-06-23
Generated
2026-06-23
AI Q&A
2026-06-23
EPSS Evaluated
N/A
NVD
CVE-2026-35018
EUVD
EUVD-2026-38452
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
netcomm nf20mesh to R6B031 (exc)
netcomm nf20mesh to R6B032 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows authenticated attackers to execute arbitrary commands as root on the affected NetComm NF20MESH routers, potentially leading to unauthorized access, modification, or exfiltration of sensitive data.

Such unauthorized access and control over the device could result in violations of data protection regulations like GDPR and HIPAA, which require safeguarding sensitive personal and health information against unauthorized access and ensuring system integrity.

Therefore, exploitation of this vulnerability could compromise compliance with these standards by exposing sensitive data or disrupting system availability and integrity.

Executive Summary

CVE-2026-35018 is an authenticated remote code execution vulnerability in NetComm NF20MESH routers running firmware R6B031 and earlier.

The flaw exists in the dalStorage_addUserAccount function, where an attacker with valid credentials can inject shell metacharacters into the username JSON parameter.

This input is unsafely concatenated into a shell command string passed to rut_doSystemAction without proper sanitization, allowing arbitrary commands to be executed as the root user on the underlying operating system.

Impact Analysis

Exploitation of this vulnerability allows an authenticated attacker to execute arbitrary commands with root privileges on the affected router.

This can lead to unauthorized access to sensitive data, modification of system behavior, and potentially full control over the device.

Such control could be used to disrupt network operations, intercept or manipulate traffic, or use the device as a foothold for further attacks within the network.

Detection Guidance

This vulnerability can be detected by checking if your NetComm NF20MESH router is running firmware version R6B031 or earlier, as these versions are vulnerable.

Since exploitation requires authenticated access and involves injecting shell metacharacters into the username JSON parameter processed by the dalStorage_addUserAccount function, detection can involve monitoring for unusual or suspicious username inputs containing shell metacharacters in router logs or authentication attempts.

Specific commands to detect exploitation attempts are not provided in the available resources.

Mitigation Strategies

The primary mitigation is to upgrade the router firmware to version R6B032 or later, which contains a fix for this vulnerability.

  • Upgrade NetComm NF20MESH router firmware to R6B032 or later.
  • Change default passwords to strong, unique passwords.
  • Avoid exposing the router to the public internet.
  • Implement network segmentation to limit access to the router.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35018. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart