Vulnerabilities > NEC > Sv9100 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-29 | CVE-2019-20025 | Use of Hard-coded Credentials vulnerability in NEC Sv9100 Firmware 6.0/7.0 Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. | 9.8 |
| 2020-07-29 | CVE-2019-20027 | Improper Authentication vulnerability in NEC products Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account. | 9.8 |