Filtered by vendor Nec
Subscribe
Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20027 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account. | |||||
| CVE-2020-10917 | 1 Nec | 1 Esmpro Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007. | |||||
| CVE-2019-20033 | 1 Nec | 2 Sv8100, Sv8100 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface. | |||||
| CVE-2019-20032 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem. | |||||
| CVE-2019-20029 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access. | |||||
| CVE-2019-20026 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request. | |||||
| CVE-2020-17408 | 1 Nec | 1 Expresscluster X | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801. | |||||
| CVE-2019-20030 | 1 Nec | 2 Um8000, Um8000 Firmware | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected. | |||||
| CVE-2019-20025 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0. | |||||
| CVE-2019-20031 | 1 Nec | 4 Um4730, Um4730 Firmware, Um8000 and 1 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks. | |||||
| CVE-2019-20028 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface. | |||||
| CVE-2020-5533 | 1 Nec | 2 Aterm Wg2600hs, Aterm Wg2600hs Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-5525 | 1 Nec | 6 Aterm Wf1200c, Aterm Wf1200c Firmware, Aterm Wg1200cr and 3 more | 2023-12-10 | 7.7 HIGH | 8.0 HIGH |
| Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. | |||||
| CVE-2020-5524 | 1 Nec | 6 Aterm Wf1200c, Aterm Wf1200c Firmware, Aterm Wg1200cr and 3 more | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
| Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. | |||||
| CVE-2020-5534 | 1 Nec | 2 Aterm Wg2600hs, Aterm Wg2600hs Firmware | 2023-12-10 | 7.7 HIGH | 8.0 HIGH |
| Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2018-16194 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-0625 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. | |||||
| CVE-2018-0640 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. | |||||
| CVE-2018-0632 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response. | |||||
| CVE-2018-0641 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter. | |||||