CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 4CVE-2018-11741 – NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
https://notcve.org/view.php?id=CVE-2018-11741
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. Los dispositivos NEC Univerge Sv9100 WebPro 6.00.00 tienen ID de sesión predecibles que resultan en la divulgación de información de la cuenta mediante las URI Home.htm?sessionId=#####GOTO(8). NEC Univerge Sv9100 WebPro version 6.00.00 suffers from predictable session identifiers and cleartext password vulnerabilities. • https://www.exploit-db.com/exploits/45942 http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html http://seclists.org/fulldisclosure/2018/Dec/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 4CVE-2018-11742 – NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
https://notcve.org/view.php?id=CVE-2018-11742
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. Los dispositivos NEC Univerge Sv9100 WebPro 6.00.00 tienen almacenamiento de contraseñas en texto claro en la interfaz web de usuario. NEC Univerge Sv9100 WebPro version 6.00.00 suffers from predictable session identifiers and cleartext password vulnerabilities. • https://www.exploit-db.com/exploits/45942 http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html http://seclists.org/fulldisclosure/2018/Dec/1 • CWE-522: Insufficiently Protected Credentials •