logo

Hardcoded Key Enables Authentication Bypass in NetComm NF20MESH Routers

ID: c0221f20-5075-5aaf-910e-2d969956adb0

STIX ID: report--c0221f20-5075-5aaf-910e-2d969956adb0

Feed Name: securityonline.info

Threat Score
72/100

Date Published: 2026-07-02

Date Updated: 2026-07-02

Author: Do Son

...
...

Signal 11 disclosed CVE-2026-35019, a critical (CVSS 9.2) authentication bypass in NetComm NF20MESH routers where a hardcoded AES-256 key enables forged session cookies and administrative takeover; the flaw affects firmware R6B031 and earlier, is fixed in R6B032, has an EPSS of 0.4% and no confirmed active exploitation, and administrators are advised to update immediately and restrict router exposure.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.