CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-20027
https://notcve.org/view.php?id=CVE-2019-20027
Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account. Aspire-derived NEC PBXes, incluidas los SV8100, SV9100, SL1100 y SL2100 con versiones de software 7.0 o superiores, contienen la posibilidad de ser configuradas incorrectamente para permitir que una combinación de nombre de usuario y contraseña en blanco sean ingresadas como una cuenta válida y autenticada con éxito • https://shadytel.su/files/nec_cve.txt • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20026
https://notcve.org/view.php?id=CVE-2019-20026
The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request. La interfaz WebPro en el software NEC SV9100 versiones 7.0 o posteriores, permite a atacantes remotos no autenticados restablecer todos los nombres de usuario y contraseñas existentes a los valores predeterminados por medio de una petición diseñada • https://shadytel.su/files/nec_cve.txt •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20025
https://notcve.org/view.php?id=CVE-2019-20025
Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. • https://shadytel.su/files/nec_cve.txt • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2020-27859 – NEC ESMPRO Manager GetEuaLogDownloadAction Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-27859
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-20-736 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 220EXPL: 1CVE-2020-12695 – hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
https://notcve.org/view.php?id=CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. La especificación UPnP de Open Connectivity Foundation antes del 17-04-2020 no prohíbe la aceptación de una petición de suscripción con una URL de entrega en un segmento de red diferente a la URL de suscripción de evento totalmente calificada, también se conoce como el problema de CallStranger • https://github.com/yunuscadirci/CallStranger http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html http://www.openwall.com/lists/oss-security/2020/06/08/2 https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek https://github.com/corelight/callstranger-detector https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html https://lists.debian.org/debian-l • CWE-276: Incorrect Default Permissions CWE-918: Server-Side Request Forgery (SSRF) •