Filtered by vendor Nec
Subscribe
Search
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39548 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-12-28 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | |||||
| CVE-2023-39544 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | |||||
| CVE-2023-39545 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | |||||
| CVE-2023-39546 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | |||||
| CVE-2023-39547 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | |||||
| CVE-2021-20705 | 1 Nec | 4 Clusterpro X, Clusterpro X Singleserversafe, Expresscluster X and 1 more | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network. | |||||
| CVE-2021-20706 | 1 Nec | 4 Clusterpro X, Clusterpro X Singleserversafe, Expresscluster X and 1 more | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network. | |||||
| CVE-2021-20707 | 1 Nec | 4 Clusterpro X, Clusterpro X Singleserversafe, Expresscluster X and 1 more | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.. | |||||
| CVE-2019-20026 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request. | |||||
| CVE-2019-20029 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access. | |||||
| CVE-2019-20028 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface. | |||||
| CVE-2021-20740 | 2 Hitachi, Nec | 13 Virtual File Platform, Nas Gateway Nh4a, Nas Gateway Nh4a Firmware and 10 more | 2021-07-06 | 9.0 HIGH | 8.8 HIGH |
| Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2021-20709 | 1 Nec | 6 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 3 more | 2021-05-05 | 9.0 HIGH | 7.2 HIGH |
| Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL. | |||||
| CVE-2021-20708 | 1 Nec | 6 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 3 more | 2021-05-05 | 9.0 HIGH | 7.2 HIGH |
| NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL. | |||||
| CVE-2020-12695 | 18 Asus, Broadcom, Canon and 15 more | 257 Rt-n11, Adsl, Selphy Cp1200 and 254 more | 2021-04-23 | 7.8 HIGH | 7.5 HIGH |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
| CVE-2020-27859 | 1 Nec | 1 Esmpro Manager | 2021-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-9607. | |||||
| CVE-2020-5686 | 1 Nec | 4 Univerge Sv8500, Univerge Sv8500 Firmware, Univerge Sv9500 and 1 more | 2021-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. | |||||
| CVE-2020-5632 | 1 Nec | 1 Infocage Siteshell | 2020-10-22 | 7.2 HIGH | 7.8 HIGH |
| InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via a specially crafted executable files. | |||||
| CVE-2020-17408 | 1 Nec | 1 Expresscluster X | 2020-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801. | |||||
| CVE-2019-20030 | 1 Nec | 2 Um8000, Um8000 Firmware | 2020-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected. | |||||
| CVE-2020-5524 | 1 Nec | 6 Aterm Wf1200c, Aterm Wf1200c Firmware, Aterm Wg1200cr and 3 more | 2020-02-21 | 8.3 HIGH | 8.8 HIGH |
| Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. | |||||
| CVE-2020-5525 | 1 Nec | 6 Aterm Wf1200c, Aterm Wf1200c Firmware, Aterm Wg1200cr and 3 more | 2020-02-21 | 7.7 HIGH | 8.0 HIGH |
| Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. | |||||
| CVE-2020-5534 | 1 Nec | 2 Aterm Wg2600hs, Aterm Wg2600hs Firmware | 2020-02-21 | 7.7 HIGH | 8.0 HIGH |
| Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2018-16194 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-16195 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2019-01-17 | 8.3 HIGH | 8.8 HIGH |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. | |||||
| CVE-2018-0639 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter. | |||||
| CVE-2018-0631 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | |||||
| CVE-2018-0634 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL. | |||||
| CVE-2018-0630 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. | |||||
| CVE-2018-0629 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | |||||
| CVE-2018-0628 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | |||||
| CVE-2018-0640 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-16 | 6.5 MEDIUM | 7.2 HIGH |
| Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. | |||||
| CVE-2018-0641 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-16 | 6.5 MEDIUM | 7.2 HIGH |
| Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter. | |||||
| CVE-2018-0632 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2019-01-16 | 6.5 MEDIUM | 7.2 HIGH |
| Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response. | |||||
| CVE-2018-0633 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2019-01-16 | 6.5 MEDIUM | 7.2 HIGH |
| Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter. | |||||
| CVE-2018-0635 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter. | |||||
| CVE-2018-0636 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. | |||||
| CVE-2018-0637 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter. | |||||
| CVE-2018-0638 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter. | |||||
| CVE-2018-0627 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | |||||
| CVE-2018-0626 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. | |||||
| CVE-2018-0625 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. | |||||
| CVE-2016-1145 | 1 Nec | 1 Expresscluster X | 2016-03-10 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors. | |||||