CVE-2026-35019
Deferred Deferred - Pending Action
Authentication Bypass in NetComm NF20MESH Routers

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: VulnCheck

Description
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can forge a valid encrypted session cookie using the shared hardcoded key and bypass authentication checks to obtain full administrative control of the management interface while any legitimate administrator session is active.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-23
Last Modified
2026-06-23
Generated
2026-06-23
AI Q&A
2026-06-23
EPSS Evaluated
N/A
NVD
CVE-2026-35019
EUVD
EUVD-2026-38453
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
netcomm nf20mesh *
netcomm nf20mesh to r6b032 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-321 The product uses a hard-coded, unchangeable cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability affects NetComm NF20MESH routers running firmware R6B031 and earlier. It is an authentication bypass flaw caused by the use of a hardcoded AES-256 encryption key for session cookies in the router's web management interface.

Attackers who are unauthenticated can exploit this by forging valid encrypted session cookies using the shared hardcoded key. This allows them to bypass authentication checks and gain full administrative access to the router's management interface while any legitimate administrator session is active.

Impact Analysis

This vulnerability can have a severe impact as it allows unauthenticated attackers to gain full administrative control over the affected router's management interface.

  • Attackers can change router settings, potentially disrupting network operations.
  • They can intercept or redirect network traffic, leading to data theft or manipulation.
  • The attacker could create persistent backdoors or disable security features.
  • Overall, this can compromise the security and integrity of the entire network connected to the router.
Mitigation Strategies

To mitigate this vulnerability, you should upgrade the firmware of your NetComm NF20MESH routers to a version later than R6B031, as the vulnerability affects firmware R6B031 and earlier.

Avoid using the affected firmware versions and monitor the vendor's support page for updated firmware releases that address this authentication bypass issue.

Compliance Impact

The provided information does not specify how the authentication bypass vulnerability in NetComm NF20MESH routers impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35019. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart