CVE-2022-4985

14.11.2025, 23:15

Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
VulnCheck	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.

References

https://cxsecurity.com/issue/WLB-2022010024

https://help.vodacom.co.za/personal/home/61/9493/1023659/Vodafone-H500s-WiFi-router

https://www.exploit-db.com/exploits/50636

https://www.vulncheck.com/advisories/vodafone-h500s-wifi-password-disclosure-via-activation-json