CVE-2022-40494

CVE-2022-40494

EPSS 1.6%

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.carrot2.cn/2022/08/cve-2022-40494.html https://github.com/1security/Vulnerability/blob/main/web/nps/1.md