Vulnerabilities > NEC
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-26 | CVE-2021-20709 | Improper Validation of Integrity Check Value vulnerability in NEC products Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL. | 7.2 |
2021-04-26 | CVE-2021-20708 | OS Command Injection vulnerability in NEC products NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL. | 7.2 |
2021-02-17 | CVE-2021-20653 | Incorrect Default Permissions vulnerability in NEC products Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors. | 5.3 |
2021-01-20 | CVE-2020-27859 | Path Traversal vulnerability in NEC Esmpro Manager 6.42 This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. | 7.5 |
2021-01-13 | CVE-2020-5686 | Improper Authentication vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. | 7.5 |
2021-01-13 | CVE-2020-5685 | OS Command Injection vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL. | 9.8 |
2021-01-13 | CVE-2020-5633 | Improper Authentication vulnerability in NEC Baseboard Management Controller 1.07/1.09 Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors. | 9.8 |
2020-12-24 | CVE-2020-5684 | Improper Certificate Validation vulnerability in NEC ISM Server 5.1 iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate. | 4.8 |
2020-10-06 | CVE-2020-5632 | Unspecified vulnerability in NEC Infocage Siteshell InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via a specially crafted executable files. | 7.8 |
2020-09-10 | CVE-2020-17408 | Unspecified vulnerability in NEC Expresscluster X 4.1/4.2 This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. | 7.5 |