CVE-2026-35019 – NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass

CVE ID :CVE-2026-35019

Published : June 23, 2026, 1:48 p.m. | 1 hour, 55 minutes ago

Description :NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can forge a valid encrypted session cookie using the shared hardcoded key and bypass authentication checks to obtain full administrative control of the management interface while any legitimate administrator session is active.

Severity: 9.2 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…