Login Sign Up

CVE-2018-8755

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2018-8755 allows unauthenticated attackers to download the configuration file from NuCom WR644GACV devices, exposing admin passwords, WPA keys, and all device configuration. This affects NuCom WR644GACV devices running firmware versions before STA006. Attackers can gain complete control of affected devices without any credentials.

💻 Affected Systems

Products:
  • NuCom WR644GACV
Versions: All versions before STA006
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Wr644gacv Firmware by Nucom

View all CVEs affecting Wr644gacv Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover, network compromise, credential theft, and persistent backdoor access to the network.

🟠

Likely Case

Unauthorized access to device configuration, password theft, and potential network infiltration.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH - Directly exposed devices can be compromised remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this to pivot within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request to download configuration file. No authentication or special tools required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: STA006 or later

Vendor Advisory: https://blog.nivel4.com/investigaciones/vulnerabilidad-en-los-dispositivos-nucom-wr644gacv/

Restart Required: Yes

Instructions:

1. Download firmware version STA006 or later from vendor. 2. Log into device admin interface. 3. Navigate to firmware update section. 4. Upload and apply new firmware. 5. Reboot device.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to device management interface using firewall rules

Configuration File Protection

all

Manually change default credentials and WPA keys after initial setup

🧯 If You Can't Patch

  • Isolate affected devices in separate VLAN with strict access controls
  • Implement network monitoring for configuration file download attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[device-ip]/config.bin without authentication. If file downloads, device is vulnerable.

Check Version:

Check firmware version in device web interface under System Status or About sections

Verify Fix Applied:

After patching, attempt same access. Should return 404 or authentication required.

📡 Detection & Monitoring

Log Indicators:

  • HTTP GET requests to /config.bin from unauthorized IPs
  • Multiple failed authentication attempts followed by config.bin access

Network Indicators:

  • Unusual HTTP traffic to device management interface
  • Configuration file downloads from unexpected sources

SIEM Query:

source_ip=* AND dest_ip=[device_ip] AND url_path="/config.bin" AND http_method=GET

📊 Metadata

CVE ID: CVE-2018-8755
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-862
Published: June 25, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-8755, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)