CVE-2025-5379 MEDIUM

CVE-2025-5379: NuCom NC-WR744G Console Application hard-coded credentials

Vendor Nucom
Product NC-WR744G
Weakness CWE-798 · Hardcoded credentials
Published May 31, 2025
Last update June 2, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded credentials. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

May 31, 2025 CVE published
June 2, 2025 Record updated