NuCom 11N Wireless Router Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the NuCom 11N Wireless Router, specifically in version 5.07.90. This vulnerability allows non-privileged users to access administrative credentials through the configuration backup endpoint. By sending a crafted HTTP GET request to the backup configuration page with a specific cookie, attackers can retrieve and decode the admin password, which is encoded in Base64 format.

Impact

Exploitation of this vulnerability allows non-privileged users to gain administrative access on the router, enabling them to access additional privileged pages and functionalities.

Reproduction

To reproduce this vulnerability, send an HTTP GET request to the router's configuration backup endpoint. Include a cookie with the Base64-encoded value 'user' followed by a timestamp. The response will contain the admin password encoded in Base64, which can be decoded to gain administrative access.
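The request pattern described above can be searched for in HTTP logs from the router or an upstream proxy. The following Python code is an added example, not part of the original advisory or any vendor code. It assumes a placeholder endpoint path, a hypothetical cookie name `session`, a cookie whose whole value is Base64 of the role name followed by a numeric timestamp, and log records already parsed into dictionaries; the sample records are constructed.

```python
import base64
import re
from urllib.parse import unquote

# Placeholder: the advisory does not name the backup endpoint path.
BACKUP_PATH = "/BACKUP_ENDPOINT_PLACEHOLDER"
# Assumption: decoded cookie = role name, optional separator, numeric timestamp.
USER_COOKIE = re.compile(r"^user\W?\d{6,}$")

def decode_b64(value):
    """Decode a Base64 cookie value to ASCII text; None if it is not Base64 text."""
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def parse_cookies(header):
    """Split a Cookie header into (name, value) pairs; values may contain '='."""
    parts = (p.strip().partition("=") for p in header.split(";"))
    return [(name, unquote(value)) for name, sep, value in parts if sep]

def flag_requests(records):
    """Return successful backup downloads made with a non-admin ('user') cookie."""
    hits = []
    for rec in records:
        path = rec["path"].split("?", 1)[0]
        if rec["method"] != "GET" or path != BACKUP_PATH or rec["status"] != 200:
            continue
        for name, value in parse_cookies(rec["cookie"]):
            decoded = decode_b64(value)
            if decoded and USER_COOKIE.match(decoded):
                hits.append({"src": rec["src"], "cookie": name, "decoded": decoded})
    return hits

def _cookie(role, ts):
    # Constructed sample value; the cookie name "session" is hypothetical.
    return "session=" + base64.b64encode(f"{role}{ts}".encode()).decode()

# Constructed log records (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    {"src": "192.0.2.10", "method": "GET", "path": BACKUP_PATH, "cookie": _cookie("admin", 1767209400), "status": 200},
    {"src": "192.0.2.44", "method": "GET", "path": BACKUP_PATH, "cookie": _cookie("user", 1767209460), "status": 200},
    {"src": "192.0.2.44", "method": "GET", "path": "/index.html", "cookie": _cookie("user", 1767209470), "status": 200},
    {"src": "192.0.2.51", "method": "GET", "path": BACKUP_PATH, "cookie": "lang=en; theme=dark", "status": 200},
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
```

Replace the placeholder path and the cookie pattern with the values observed on the device before running this over real logs.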

Added: Dec 31, 2025, 7:30 PM
Updated: Dec 31, 2025, 9:04 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.