← Advisories

NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation

High
Advisory ID
ZSL-2021-5629
Release Date
10 March 2021
Vendor
NUEVAS COMUNICACIONES IBERIA, S.A. - https://www.nucom.es
Affected Version
5.07.90_multi_NCM01, 5.07.89_multi_NCM01, 5.07.72_multi_NCM01
CVE
CVE-2021-47726
Tested On
GoAhead-Webs, Tenda
Summary

The NC routers upgrades your network to the next generation of WiFi. With combined wireless speeds of up to 1750 Mbps, the device provides better speeds and wireless range. Includes 2 FXS ports for any VoIP service. If you prefer a wired connection, the NC routers have gigabit ports to provide an incredibly fast, lag-free experience. 3.0 ports allow you to power a robust home Internet network by sharing printers, flash storage, FTP servers, or media players.

Description

The application suffers from a privilege escalation vulnerability. The non-privileged default user (user:user) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password (admin credentials) in Base64 encoded value. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.

Proof of Concept
nucomrouter_privesc.txtTXT
Disclosure Timeline
01.03.2021Vulnerability discovered.
08.03.2021Vendor contacted.
09.03.2021No response from the vendor.
10.03.2021Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/161745
[2]https://www.exploit-db.com/exploits/49634
[3]https://cxsecurity.com/issue/WLB-2021030061
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/198068
[5]https://www.cve.org/CVERecord?id=CVE-2021-47726
Changelog
10.03.2021Initial release
11.03.2021Added reference [1], [2] and [3]
12.03.2021Added reference [4]
23.03.2026Added reference [5]