Sign-up

ID

VAR-201806-1767


CVE

CVE-2018-8755


TITLE

NuCom WR644GACV Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-006885

DESCRIPTION

NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. NuCom WR644GACV The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NuComWR644GACV is a wireless dual-band router device from NuCom, Spain. There is a security hole in NuComWR644GACV

Trust: 2.16

sources: NVD: CVE-2018-8755 // JVNDB: JVNDB-2018-006885 // CNVD: CNVD-2018-24166

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-24166

AFFECTED PRODUCTS

vendor:nucommodel:wr644gacvscope:ltversion:sta006

Trust: 1.8

vendor:nucommodel:wr644gacv <sta006scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-24166 // JVNDB: JVNDB-2018-006885 // NVD: CVE-2018-8755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8755
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-8755
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-24166
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-1186
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-8755
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-24166
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-8755
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-24166 // JVNDB: JVNDB-2018-006885 // CNNVD: CNNVD-201806-1186 // NVD: CVE-2018-8755

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2018-006885 // NVD: CVE-2018-8755

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1186

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-1186

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006885

PATCH
title:NC-WR644GACVurl:http://www.nucom.es/productos-es/wireless-es/item/nc-wr644gacv-ac1200-wireless-dual-band-gigabit-voip-router
Trust: 0.8
title:NuCom WR644GACV Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81490
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-006885 // 
            
            
            
            CNNVD: CNNVD-201806-1186

EXTERNAL IDS
db:NVDid:CVE-2018-8755
Trust: 3.0
db:JVNDBid:JVNDB-2018-006885
Trust: 0.8
db:CNVDid:CNVD-2018-24166
Trust: 0.6
db:CNNVDid:CNNVD-201806-1186
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-24166 // 
            
            
            
            JVNDB: JVNDB-2018-006885 // 
            
            
            
            CNNVD: CNNVD-201806-1186 // 
            
            
            
            NVD: CVE-2018-8755

REFERENCES
url:https://blog.nivel4.com/investigaciones/vulnerabilidad-en-los-dispositivos-nucom-wr644gacv/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2018-8755
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8755
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-24166 // 
            
            
            
            JVNDB: JVNDB-2018-006885 // 
            
            
            
            CNNVD: CNNVD-201806-1186 // 
            
            
            
            NVD: CVE-2018-8755

SOURCES
db:CNVDid:CNVD-2018-24166
db:JVNDBid:JVNDB-2018-006885
db:CNNVDid:CNNVD-201806-1186
db:NVDid:CVE-2018-8755

LAST UPDATE DATE
2024-11-23T22:12:29.397000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-24166date:2018-11-28T00:00:00
db:JVNDBid:JVNDB-2018-006885date:2018-09-04T00:00:00
db:CNNVDid:CNNVD-201806-1186date:2019-10-23T00:00:00
db:NVDid:CVE-2018-8755date:2024-11-21T04:14:15.503

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-24166date:2018-11-12T00:00:00
db:JVNDBid:JVNDB-2018-006885date:2018-09-04T00:00:00
db:CNNVDid:CNNVD-201806-1186date:2018-06-26T00:00:00
db:NVDid:CVE-2018-8755date:2018-06-25T15:29:00.537