Vulnerabilities > NEC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-0630 | OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0629 | OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | 7.2 |
| 2019-01-09 | CVE-2018-0628 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | 7.2 |
| 2019-01-09 | CVE-2018-0627 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0626 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0625 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. | 7.2 |
| 2018-12-26 | CVE-2018-11742 | Insufficiently Protected Credentials vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00 NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. | 9.8 |
| 2018-12-26 | CVE-2018-11741 | Information Exposure vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00 NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. | 9.8 |
| 2016-01-30 | CVE-2016-1145 | Path Traversal vulnerability in NEC Expresscluster X 3.3 Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |