Add NuCom Remote Privilege Escalation

xiaoheihei1107 2021-08-09 12:30:49 +08:00 committed by GitHub
parent 3236d7ab1f
commit 71b5b8bde8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -0,0 +1,10 @@
# NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation
The application suffers from a privilege escalation vulnerability. The non-privileged default user (user:user) can elevate his privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password (admin credentials) in Base64 encoded value. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.
FOFA **query rule**: [title="NuCom 11N Wireless Router"||body="NuCom 11N Wireless Router"](https://fofa.so/result?qbase64=dGl0bGU9Ik51Q29tIDExTiBXaXJlbGVzcyBSb3V0ZXIifHxib2R5PSJOdUNvbSAxMU4gV2lyZWxlc3MgUm91dGVyIg%3D%3D)
# Demo
![](NuCom_11N_Wireless_Router_V5_07_Remote_Privilege_Escalation.gif)
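
Review bot: The description paragraph under the first heading states the impact but cites no source for the finding and gives no mitigation, so a reader cannot verify the claim about v5.07.90 or act on it. Suggest adding a references line and a short remediation line, for example replacing the default user:user account and restricting who can reach the web management interface. Minor points in the same hunk: "a HTTP GET request" should be "an HTTP GET request", "his privileges" reads better as "their privileges", the image on the last line has empty alt text, and "# Demo" is a second top-level heading where "## Demo" would fit under the title.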