Vulnerabilities > NEC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
| 2020-02-21 | CVE-2020-5534 | OS Command Injection vulnerability in NEC Aterm Wg2600Hs Firmware 1.3.2 Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | 7.7 |
| 2020-02-21 | CVE-2020-5533 | Cross-site Scripting vulnerability in NEC Aterm Wg2600Hs Firmware 1.3.2 Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2020-02-21 | CVE-2020-5525 | OS Command Injection vulnerability in NEC products Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. | 7.7 |
| 2020-02-21 | CVE-2020-5524 | OS Command Injection vulnerability in NEC products Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. | 8.3 |
| 2019-01-09 | CVE-2018-16195 | OS Command Injection vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. | 8.3 |
| 2019-01-09 | CVE-2018-16194 | OS Command Injection vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 9.0 |
| 2019-01-09 | CVE-2018-16193 | Cross-site Scripting vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2019-01-09 | CVE-2018-16192 | Information Exposure vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. | 3.3 |
| 2019-01-09 | CVE-2018-0641 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NEC Aterm Hc100Rc Firmware Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter. | 6.5 |