Vulnerabilities > CVE-2018-8755 - Missing Authorization vulnerability in Nucom Wr644Gacv Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

nucom

CWE-862

critical

NVD

Published: 2018-06-25

Updated: 2024-11-21

Summary

NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.

Vulnerable Configurations

Part	Description	Count
OS	Nucom Nucom Wr644Gacv Firmware *	1
Hardware	Nucom Nucom Wr644Gacv -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Packetstorm

data source	https://packetstormsecurity.com/files/download/148394/nucomncwr644gacv-bypass.txt
id	PACKETSTORM:148394
last seen	2018-07-03
published	2018-07-02
reporter	Zerial
source	https://packetstormsecurity.com/files/148394/NuCom-NC-WR644GACV-Unauthenticated-Configuration-File-Download.html
title	NuCom NC-WR644GACV Unauthenticated Configuration File Download

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References