Tag

CWE-862

1 brief RSS

free5GC NEF Unauthenticated Callback Vulnerability

free5GC NEF v4.2.1 exposes an unauthenticated callback route group, enabling attackers to forge SMF callbacks and potentially corrupt AF traffic-influence or PFD-management subscription views, leading to unauthorized policy changes.

nef:v4.2.1 +1 5G NEF Authentication Bypass CWE-306 CWE-862

2r 1t Jan 2, 2024