Vulnerabilities > NEC

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-3741 OS Command Injection vulnerability in NEC products
An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.
network
low complexity
nec CWE-78
critical
9.8
2023-11-17 CVE-2023-39544 Missing Authorization vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec CWE-862
8.8
2023-11-17 CVE-2023-39545 Files or Directories Accessible to External Parties vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec CWE-552
8.8
2023-11-17 CVE-2023-39546 Unspecified vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec
8.8
2023-11-17 CVE-2023-39547 Authentication Bypass by Capture-replay vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec CWE-294
8.8
2023-11-17 CVE-2023-39548 Unrestricted Upload of File with Dangerous Type vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec CWE-434
8.8
2023-08-09 CVE-2023-39341 Improper Handling of Exceptional Conditions vulnerability in multiple products
"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition.
local
low complexity
ffri soliton nec skygroup CWE-755
3.3
2023-06-28 CVE-2023-3330 Path Traversal vulnerability in NEC products
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
network
low complexity
nec CWE-22
4.3
2023-06-28 CVE-2023-3331 Path Traversal vulnerability in NEC products
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product.
network
low complexity
nec CWE-22
5.4
2023-06-28 CVE-2023-3332 Cross-site Scripting vulnerability in NEC products
Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to  execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.
network
low complexity
nec CWE-79
4.8