Description
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://blog.nivel4.com/investigaciones/vulnerabilidad-en-los-dispositivos-nucom-wr644gacv/
Scores
CVSS v3
9.8
EPSS
0.0108
EPSS Percentile
61.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
nucom/wr644gacv_firmware
< sta006
Published
Jun 25, 2018
Tracked Since
Feb 18, 2026