Vulnerabilities > CVE-2018-8755 - Missing Authorization vulnerability in Nucom Wr644Gacv Firmware

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nucom

CWE-862

NVD

Published: 2018-06-25

Updated: 2019-10-03

Summary

NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.

Vulnerable Configurations

Part	Description	Count
OS	Nucom Nucom Wr644Gacv Firmware *	1
Hardware	Nucom Nucom Wr644Gacv -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Packetstorm

data source	https://packetstormsecurity.com/files/download/148394/nucomncwr644gacv-bypass.txt
id	PACKETSTORM:148394
last seen	2018-07-03
published	2018-07-02
reporter	Zerial
source	https://packetstormsecurity.com/files/148394/NuCom-NC-WR644GACV-Unauthenticated-Configuration-File-Download.html
title	NuCom NC-WR644GACV Unauthenticated Configuration File Download

References

https://blog.nivel4.com/investigaciones/vulnerabilidad-en-los-dispositivos-nucom-wr644gacv/