Vulnerabilities > NEC > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-11-03 CVE-2021-20704 Classic Buffer Overflow vulnerability in NEC products
Buffer overflow vulnerability in the API compatible with previous versions in CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, and EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows an attacker to achieve remote code execution via a network.
network
low complexity
nec CWE-120
critical
9.8
2021-04-26 CVE-2021-20711 OS Command Injection vulnerability in NEC Aterm Wg2600Hs Firmware 1.3.2/1.5.1
Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
network
low complexity
nec CWE-78
critical
9.8
2021-01-13 CVE-2020-5685 OS Command Injection vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware
UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allow an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL.
network
low complexity
nec CWE-78
critical
9.8
2021-01-13 CVE-2020-5633 Improper Authentication vulnerability in NEC Baseboard Management Controller 1.07/1.09
Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allow remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.
network
low complexity
nec CWE-287
critical
9.8
2020-07-29 CVE-2019-20033 Improper Authentication vulnerability in NEC Sv8100 Firmware
On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.
network
low complexity
nec CWE-287
critical
9.8
2020-07-29 CVE-2019-20031 Improper Restriction of Excessive Authentication Attempts vulnerability in NEC Um4730 Firmware and Um8000 Firmware
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.
network
low complexity
nec CWE-307
critical
9.1
2020-07-29 CVE-2019-20027 Improper Authentication vulnerability in NEC products
Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher, may, if incorrectly configured, allow a blank username and password combination to be entered as a valid, successfully authenticating account.
network
low complexity
nec CWE-287
critical
9.8
2020-07-29 CVE-2019-20025 Use of Hard-coded Credentials vulnerability in NEC Sv9100 Firmware 6.0/7.0
Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability.
network
low complexity
nec CWE-798
critical
9.8
2020-07-22 CVE-2020-10917 Deserialization of Untrusted Data vulnerability in NEC Esmpro Manager 6.42
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42.
network
low complexity
nec CWE-502
critical
9.8
2018-12-26 CVE-2018-11742 Insufficiently Protected Credentials vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
network
low complexity
nec CWE-522
critical
9.8