| शीर्षक | NuCom NC-WR744G 8.5.5 (Build:20200530.307-TEMP) Cleartext Storage of Sensitive Information |
|---|
| विवरण | It's possible to obtain valid hardcoded credentials from the client-side code, right after the web page login. Those credentials give access to Telnet, FTP and SMB services running on the product and also other credentials related to the web application.
Steps to reproduce:
Step 1: Go to the product's console application login form accessing http://<IP>:<PORT>;
Step 2: After successfull login, view the client-side code using the browser dev-tools;
Step 3: Search for the "account" tag and then locate the following credentials: "CMCCAdmin", "useradmin" and "CUAdmin" for other web features access and Admin:cxx4dm1n5591 for Telnet, FTP and SAMBA (all valid access) |
|---|
| उपयोगकर्ता | matuii (UID 85610) |
|---|
| सबमिशन | 22/05/2025 05:41 AM (11 महीनों पहले) |
|---|
| संयम | 30/05/2025 01:34 PM (8 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 310672 [NuCom NC-WR744G 8.5.5 Build 20200530.307 Console Application CMCCAdmin/useradmin/CUAdmin कमजोर प्रमाणीकरण] |
|---|
| अंक | 17 |
|---|