From 71b5b8bde899dee95009482f59bedde20b7c5a8b Mon Sep 17 00:00:00 2001
From: xiaoheihei1107 <62200676+xiaoheihei1107@users.noreply.github.com>
Date: Mon, 9 Aug 2021 12:30:49 +0800
Subject: [PATCH] Add NuCom Remote Privilege Escalation

---
 .../README.md                                          | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 NuCom/NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation/README.md

diff --git a/NuCom/NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation/README.md b/NuCom/NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation/README.md
new file mode 100644
index 0000000..c33736c
--- /dev/null
+++ b/NuCom/NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation/README.md	
@@ -0,0 +1,10 @@
+# NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation
+
+The application suffers from a privilege escalation vulnerability. The non-privileged default user (user:user) can elevate his privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password (admin credentials) in Base64 encoded value. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.
+
+FOFA **query rule**: [title="NuCom 11N Wireless Router"||body="NuCom 11N Wireless Router"](https://fofa.so/result?qbase64=dGl0bGU9Ik51Q29tIDExTiBXaXJlbGVzcyBSb3V0ZXIifHxib2R5PSJOdUNvbSAxMU4gV2lyZWxlc3MgUm91dGVyIg%3D%3D)
+
+# Demo
+
+![](NuCom_11N_Wireless_Router_V5_07_Remote_Privilege_Escalation.gif)
+