Vulnerabilities > NEC > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-29 | CVE-2019-20026 | Unspecified vulnerability in NEC Sv9100 Firmware 7.0 The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request. | 7.5 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
| 2020-02-21 | CVE-2020-5534 | OS Command Injection vulnerability in NEC Aterm Wg2600Hs Firmware 1.3.2 Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | 8.0 |
| 2020-02-21 | CVE-2020-5525 | OS Command Injection vulnerability in NEC products Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. | 8.0 |
| 2020-02-21 | CVE-2020-5524 | OS Command Injection vulnerability in NEC products Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. | 8.8 |
| 2019-01-09 | CVE-2018-16195 | OS Command Injection vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. | 8.8 |
| 2019-01-09 | CVE-2018-16194 | OS Command Injection vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 7.2 |
| 2019-01-09 | CVE-2018-0641 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NEC Aterm Hc100Rc Firmware 1.0.1 Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0640 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NEC Aterm Hc100Rc Firmware 1.0.1 Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0639 | OS Command Injection vulnerability in NEC Aterm Hc100Rc Firmware 1.0.1 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter. | 7.2 |