Vulnerabilities > NEC

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-0630 OS Command Injection vulnerability in NEC Aterm W300P Firmware
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.
network
low complexity
nec CWE-78
critical
9.0
2019-01-09 CVE-2018-0629 OS Command Injection vulnerability in NEC Aterm W300P Firmware
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
network
low complexity
nec CWE-78
critical
9.0
2019-01-09 CVE-2018-0628 OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
network
low complexity
nec CWE-78
critical
9.0
2019-01-09 CVE-2018-0627 OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
network
low complexity
nec CWE-78
critical
9.0
2019-01-09 CVE-2018-0626 OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.
network
low complexity
nec CWE-78
critical
9.0
2019-01-09 CVE-2018-0625 OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.
network
low complexity
nec CWE-78
critical
9.0
2018-12-26 CVE-2018-11742 Insufficiently Protected Credentials vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
network
low complexity
nec CWE-522
5.0
2018-12-26 CVE-2018-11741 Information Exposure vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.
network
low complexity
nec CWE-200
5.0
2016-01-30 CVE-2016-1145 Path Traversal vulnerability in NEC Expresscluster X 3.3
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
nec CWE-22
7.8
2014-01-23 CVE-2013-7314 Unspecified vulnerability in NEC products
The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
network
nec
6.8