| Title | NuCom NC-WR744G 8.5.5 (Build:20200530.307-TEMP) Cleartext Storage of Sensitive Information |
|---|
| Description | It's possible to obtain valid hardcoded credentials from the client-side code, right after the web page login. Those credentials give access to Telnet, FTP and SMB services running on the product and also other credentials related to the web application.
Steps to reproduce:
Step 1: Go to the product's console application login form accessing http://<IP>:<PORT>;
Step 2: After successfull login, view the client-side code using the browser dev-tools;
Step 3: Search for the "account" tag and then locate the following credentials: "CMCCAdmin", "useradmin" and "CUAdmin" for other web features access and Admin:cxx4dm1n5591 for Telnet, FTP and SAMBA (all valid access) |
|---|
| User | matuii (UID 85610) |
|---|
| Submission | 05/22/2025 05:41 (11 months ago) |
|---|
| Moderation | 05/30/2025 13:34 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310672 [NuCom NC-WR744G 8.5.5 Build 20200530.307 Console Application CMCCAdmin/useradmin/CUAdmin hard-coded credentials] |
|---|
| Points | 17 |
|---|