Vulnerability Key Information Vulnerability Title Vodafone H500s WiFi Password Disclosure via activation.json Severity HIGH Date November 14, 2025 Affected Scope H500s firmware versions <= 3.5.10 An affected version range remains undefined This product appears to no longer be supported CVE CVE-2022-4985 CWE CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere CVSS 8.7 CVSS V4 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N References ExploitDB-50636 CXSECurity (WLB-2022010024) Vodacom Product Site Vulnerability Description The Vodafone H500s device, running firmware v3.5.10 (hardware model Sercomm VFH500), exposes the WiFi access point password through an unauthenticated HTTP endpoint. By sending a GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document containing the wifi_password field. This allows unauthorized attackers to obtain WiFi credentials and gain unauthorized access to the wireless network, thereby compromising the confidentiality of network traffic and connected systems.