CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0626
https://notcve.org/view.php?id=CVE-2018-0626
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. Aterm WG1200HP, con firmware Ver1.0.31 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante sysCmd en el parámetro formWsc. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN00401783/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 4CVE-2018-11741 – NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
https://notcve.org/view.php?id=CVE-2018-11741
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. Los dispositivos NEC Univerge Sv9100 WebPro 6.00.00 tienen ID de sesión predecibles que resultan en la divulgación de información de la cuenta mediante las URI Home.htm?sessionId=#####GOTO(8). NEC Univerge Sv9100 WebPro version 6.00.00 suffers from predictable session identifiers and cleartext password vulnerabilities. • https://www.exploit-db.com/exploits/45942 http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html http://seclists.org/fulldisclosure/2018/Dec/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 4CVE-2018-11742 – NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
https://notcve.org/view.php?id=CVE-2018-11742
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. Los dispositivos NEC Univerge Sv9100 WebPro 6.00.00 tienen almacenamiento de contraseñas en texto claro en la interfaz web de usuario. NEC Univerge Sv9100 WebPro version 6.00.00 suffers from predictable session identifiers and cleartext password vulnerabilities. • https://www.exploit-db.com/exploits/45942 http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html http://seclists.org/fulldisclosure/2018/Dec/1 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1145
https://notcve.org/view.php?id=CVE-2016-1145
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en WebManager en NEC EXPRESSCLUSTER X hasta la versión 3.3 11.31 en Windows y hasta la versión 3.3 3.3.1-1 en Linux y Solaris permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://jpn.nec.com/security-info/secinfo/nv16-001.html http://jvn.jp/en/jp/JVN03050861/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2013-7314
https://notcve.org/view.php?id=CVE-2013-7314
The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. La implementación en routers NEC IP38X, IX1000, IX2000, e IX3000 no considera la posibilidad de valores Link State ID duplicados en paquetes Link State Advertisement (LSA) antes de realizar operaciones en la base de datos LSA, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de enrutamiento) u obtener información sensible de paquetes a través de un paquete LSA manipulado, una vulnerabilidad relacionada con CVE-2013-0149. • http://jpn.nec.com/security-info/secinfo/nv13-006.html http://jpn.nec.com/univerge/ix/Support/CERT/VU229804.html http://www.kb.cert.org/vuls/id/229804 http://www.kb.cert.org/vuls/id/BLUU-985QUQ •