Vulnerabilities > NEC

DATE CVE VULNERABILITY TITLE RISK
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5
2020-02-21 CVE-2020-5534 OS Command Injection vulnerability in NEC Aterm Wg2600Hs Firmware 1.3.2
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.
low complexity
nec CWE-78
8.0
2020-02-21 CVE-2020-5533 Cross-site Scripting vulnerability in NEC Aterm Wg2600Hs Firmware 1.3.2
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
nec CWE-79
6.1
2020-02-21 CVE-2020-5525 OS Command Injection vulnerability in NEC products
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.
low complexity
nec CWE-78
8.0
2020-02-21 CVE-2020-5524 OS Command Injection vulnerability in NEC products
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.
low complexity
nec CWE-78
8.8
2019-01-09 CVE-2018-16195 OS Command Injection vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.
low complexity
nec CWE-78
8.8
2019-01-09 CVE-2018-16194 OS Command Injection vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.
network
low complexity
nec CWE-78
7.2
2019-01-09 CVE-2018-16193 Cross-site Scripting vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware
Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
nec CWE-79
5.4
2019-01-09 CVE-2018-16192 Information Exposure vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.
low complexity
nec CWE-200
6.5
2019-01-09 CVE-2018-0641 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NEC Aterm Hc100Rc Firmware 1.0.1
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.
network
low complexity
nec CWE-119
7.2