Vulnerabilities > CVE-2018-8755 - Missing Authorization vulnerability in Nucom Wr644Gacv Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/148394/nucomncwr644gacv-bypass.txt |
id | PACKETSTORM:148394 |
last seen | 2018-07-03 |
published | 2018-07-02 |
reporter | Zerial |
source | https://packetstormsecurity.com/files/148394/NuCom-NC-WR644GACV-Unauthenticated-Configuration-File-Download.html |
title | NuCom NC-WR644GACV Unauthenticated Configuration File Download |