NecCVEs & Vulnerabilities

117 CVEs affecting Nec products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

expresscluster x 79expresscluster x singleserversafe 76aterm w300p firmware 18aterm w300p 18aterm wg1200hp firmware 17aterm wg1200hp 17aterm wf300hp 16aterm wg1400hp 16
CVE-2020-5633CRITICAL

Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.

13 Jan 2021
9.8
CVSS
CVE-2020-5684MEDIUM

iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate.

24 Dec 2020
4.8
CVSS
CVE-2020-5632HIGH

InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via a specially crafted executable files.

6 Oct 2020
7.8
CVSS
CVE-2020-17408HIGH

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801.

10 Sep 2020
7.5
CVSS
CVE-2019-20033CRITICAL

On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.

29 Jul 2020
9.8
CVSS
CVE-2019-20032MEDIUM

An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem.

29 Jul 2020
6.5
CVSS
CVE-2019-20031CRITICAL

NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.

29 Jul 2020
9.1
CVSS
CVE-2019-20030HIGH

An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected.

29 Jul 2020
7.8
CVSS
CVE-2019-20029HIGH

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.

29 Jul 2020
8.8
CVSS
CVE-2019-20028HIGH

Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface.

29 Jul 2020
7.5
CVSS
CVE-2019-20027CRITICAL

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.

29 Jul 2020
9.8
CVSS
CVE-2019-20026HIGH

The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request.

29 Jul 2020
7.5
CVSS
CVE-2019-20025CRITICAL

Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0.

29 Jul 2020
9.8
CVSS
CVE-2020-10917CRITICAL

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007.

23 Jul 2020
9.8
CVSS
CVE-2020-12695HIGH

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

8 Jun 2020
7.5
CVSS
CVE-2020-5534HIGH

Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.

21 Feb 2020
8.0
CVSS
CVE-2020-5533MEDIUM

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

21 Feb 2020
6.1
CVSS
CVE-2020-5525HIGH

Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.

21 Feb 2020
8.0
CVSS
CVE-2020-5524HIGH

Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.

21 Feb 2020
8.8
CVSS
CVE-2018-16195HIGH

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.

10 Jan 2019
8.8
CVSS
CVE-2018-16194HIGH

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.

10 Jan 2019
7.2
CVSS
CVE-2018-16193MEDIUM

Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

10 Jan 2019
5.4
CVSS
CVE-2018-16192MEDIUM

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.

10 Jan 2019
6.5
CVSS
CVE-2018-0641HIGH

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0640HIGH

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0639HIGH

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0638HIGH

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0637HIGH

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0636HIGH

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.

10 Jan 2019
7.2
CVSS
CVE-2018-0635HIGH

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0634HIGH

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.

10 Jan 2019
7.2
CVSS
CVE-2018-0633HIGH

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0632HIGH

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response.

10 Jan 2019
7.2
CVSS
CVE-2018-0631HIGH

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0630HIGH

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0629HIGH

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.

10 Jan 2019
7.2
CVSS
CVE-2018-0628HIGH

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.

10 Jan 2019
7.2
CVSS
CVE-2018-0627HIGH

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0626HIGH

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-0625HIGH

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.

10 Jan 2019
7.2
CVSS
CVE-2018-11742CRITICALpoc

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.

26 Dec 2018
9.8
CVSS
CVE-2018-11741CRITICALpoc

NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.

26 Dec 2018
9.8
CVSS
CVE-2016-1145HIGH

Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.

30 Jan 2016
7.5
CVSS
CVE-2013-7314MEDIUM

The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

23 Jan 2014
6.8
CVSS
CVE-2013-0717MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.

19 Mar 2013
6.8
CVSS
CVE-2013-0706CRITICAL

NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors.

22 Feb 2013
9.0
CVSS
CVE-2011-1323HIGH

Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location.

9 May 2011
7.8
CVSS
CVE-2010-1943HIGH

Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015.

19 May 2010
7.8
CVSS
Nec CVEs & Vulnerabilities — 117 Tracked — Page 2