CVE-2025-5379
📋 TL;DR
The NuCom NC-WR744G router version 8.5.5 Build 20200530.307 contains hard-coded credentials in its console application, allowing attackers to gain unauthorized administrative access. This affects all users of this specific router version. Attackers can exploit this remotely without authentication.
💻 Affected Systems
- NuCom NC-WR744G
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of router with ability to modify configurations, intercept traffic, install malware, or use as pivot point into internal network.
Likely Case
Unauthorized administrative access to router leading to network configuration changes, DNS hijacking, or credential harvesting.
If Mitigated
Limited impact if router is behind firewall with strict inbound rules and network segmentation.
🎯 Exploit Status
Hard-coded credentials typically require minimal technical skill to exploit once known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Vendor did not respond to disclosure.
🔧 Temporary Workarounds
Change default credentials
Platform: all. Change all administrative passwords, including those of the CMCCAdmin, useradmin, and CUAdmin accounts
Log in to the router admin interface and navigate to the password/security settings
Disable remote management
Platform: all. Turn off WAN-side management access to prevent remote exploitation
Navigate to remote management/administration settings and disable
🧯 If You Can't Patch
- Replace affected router with different model/vendor
- Place router behind firewall with strict inbound rules blocking management ports
🔍 How to Verify
Check if Vulnerable:
Attempt to log in using hard-coded credentials: CMCCAdmin/useradmin/CUAdmin with common/default passwords
Check Version:
Check router web interface or use command: show version (if CLI available)
Verify Fix Applied:
Verify new strong passwords are required for all administrative accounts and remote management is disabled
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful login with default credentials
- Administrative login from unexpected IP addresses
Network Indicators:
- External connections to router management ports (typically 80, 443, 23, 22)
- Traffic patterns indicating configuration changes
SIEM Query:
source_ip=external AND (dest_port=80 OR dest_port=443 OR dest_port=23) AND event_type=authentication_success
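The log and network indicators above can be combined into one detection pass. The following is an added example, not part of the original advisory or any vendor tooling; the key=value log format, the internal address ranges, the failure threshold and the sample events are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

MGMT_PORTS = {80, 443, 23, 22}                   # ports from "Network Indicators"
WATCHED = {"CMCCAdmin", "useradmin", "CUAdmin"}  # accounts named in the workaround
FAIL_THRESHOLD = 3                               # assumed tuning value
# Assumed internal ranges; replace with the site's real LAN/management networks.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events in an assumed key=value format (not real router output).
SAMPLE_LOG = """\
ts=100 src=192.168.1.10 dport=80 user=useradmin result=success
ts=101 src=203.0.113.7 dport=23 user=CMCCAdmin result=fail
ts=102 src=203.0.113.7 dport=23 user=CMCCAdmin result=fail
ts=103 src=203.0.113.7 dport=23 user=CMCCAdmin result=fail
ts=104 src=203.0.113.7 dport=23 user=CMCCAdmin result=success
ts=105 src=198.51.100.20 dport=443 user=CUAdmin result=success
ts=106 src=198.51.100.20 dport=8080 user=CUAdmin result=success
"""

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def detect(log_text):
    """Return (ts, src, user, reasons) for each external management login success."""
    fails = defaultdict(int)   # consecutive failures per source IP
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = dict(kv.split("=", 1) for kv in line.split())
        if int(ev["dport"]) not in MGMT_PORTS or not is_external(ev["src"]):
            continue
        if ev["result"] != "success":
            fails[ev["src"]] += 1
            continue
        reasons = ["external-admin-login"]
        if ev["user"] in WATCHED:
            reasons.append("watched-account")
        if fails[ev["src"]] >= FAIL_THRESHOLD:
            reasons.append("fails-then-success")
        fails[ev["src"]] = 0   # a success ends the failure streak
        alerts.append((int(ev["ts"]), ev["src"], ev["user"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Any alert carrying "watched-account" after the passwords were changed and remote management was disabled indicates the workaround is not in effect on that device.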