A critical vulnerability (CVE-2026-35019) affecting NetComm NF20MESH routers was disclosed, allowing unauthorized access due to hardcoded AES key authentication bypass. The CVSS score is 9.2, indicating high severity. The flaw can grant admin access to the routers running firmware version R6B031 or earlier. No exploitation has been reported in the wild; however, if exploited, it could allow attackers to manipulate network settings, potentially compromising all connected devices. A patch is available in firmware version R6B032, and users are advised to update immediately.
CVE-2026-35019 flaw lets attackers hijack NetComm routers
CyberSIXT Evidence Panel
Article by CyberSIXT