CVE-2026-35018
NetComm NF20MESH < R6B032 Authenticated RCE via OS Command Injection
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the dalStorage_addUserAccount function. Attackers can exploit the unsafe concatenation of user-supplied input into a shell command string passed to rut_doSystemAction without sanitization to achieve full root-level command execution on the underlying operating system.
| CWE | CWE-78 |
| Vendor | netcomm wireless pty ltd |
| Product | nf20mesh |
| Published | Jun 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for netcomm wireless pty ltd nf20mesh
Be the first to know when new high vulnerabilities affecting netcomm wireless pty ltd nf20mesh are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
NetComm Wireless Pty Ltd / NF20MESH
0 < R6B032
References
signal11.io: https://signal11.io/advisories/netcomm-nf20-mesh-remote-code-execution support.netcommwireless.com: https://support.netcommwireless.com/api/Media/Firmware/4407c21d-e990-49a4-9754-b72475f20c76?Product=NF20MESH%20Release%20Notes.pdf support.netcommwireless.com: https://support.netcommwireless.com/products/nf20mesh#Firmware vulncheck.com: https://www.vulncheck.com/advisories/netcomm-nf20mesh-r6b032-authenticated-rce-via-os-command-injection
Credits
Brendan Scarvell of Signal 11