CVE-2025-5379
5/31/2025 2:15:19 PM
2 روز قبل
2 روز قبل
1
Reporter :cna@vuldb.com
Modified :5/31/2025 2:15:19 PM
Problem Data :CWE-259
Description
A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded credentials. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Cvss Version 2.0
4
AV:N/AC:L/Au:S/C:P/I:N/A:N
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Cvss Version 3.1
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | Low |
| Integrity Impact | None |
| Availability Impact | None |
Cvss Version 4.0
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Vulnerability Complexity | Low |
| Vulnerability Impact | None |
EPSS
| Epss Score | 0.00024 |
|---|---|
| Epss Percentile | 0.04845 |
ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.
پیشنهادات:
- به بروزرسانی مداوم سیستم و یا شبکه خود ادامه دهید.
- از بروزرسانی های آتی این آسیب پذیری مطلع شوید.