Filtered by vendor Nec
Subscriptions
Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20032 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2024-11-21 | 6.5 Medium |
| An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem. | ||||
| CVE-2019-20031 | 1 Nec | 4 Um4730, Um4730 Firmware, Um8000 and 1 more | 2024-11-21 | 9.1 Critical |
| NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks. | ||||
| CVE-2019-20030 | 1 Nec | 2 Um8000, Um8000 Firmware | 2024-11-21 | 7.8 High |
| An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected. | ||||
| CVE-2019-20029 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2024-11-21 | 8.8 High |
| An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access. | ||||
| CVE-2019-20028 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2024-11-21 | 7.5 High |
| Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface. | ||||
| CVE-2019-20027 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2024-11-21 | 9.8 Critical |
| Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account. | ||||
| CVE-2019-20026 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2024-11-21 | 7.5 High |
| The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request. | ||||
| CVE-2019-20025 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2024-11-21 | 9.8 Critical |
| Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0. | ||||
| CVE-2018-16195 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2024-11-21 | N/A |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. | ||||
| CVE-2018-16194 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2024-11-21 | N/A |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2018-16193 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16192 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2024-11-21 | N/A |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. | ||||
| CVE-2018-11742 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 9.8 Critical |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. | ||||
| CVE-2018-11741 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 9.8 Critical |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. | ||||
| CVE-2018-0641 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | N/A |
| Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter. | ||||
| CVE-2018-0640 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | N/A |
| Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. | ||||
| CVE-2018-0639 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | N/A |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter. | ||||
| CVE-2018-0638 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | N/A |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter. | ||||
| CVE-2018-0637 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | N/A |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter. | ||||
| CVE-2018-0636 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | N/A |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. | ||||