CVE-2018-11742 – NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
https://notcve.org/view.php?id=CVE-2018-11742
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. Los dispositivos NEC Univerge Sv9100 WebPro 6.00.00 tienen almacenamiento de contraseñas en texto claro en la interfaz web de usuario. NEC Univerge Sv9100 WebPro version 6.00.00 suffers from predictable session identifiers and cleartext password vulnerabilities. • https://www.exploit-db.com/exploits/45942 http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html http://seclists.org/fulldisclosure/2018/Dec/1 • CWE-522: Insufficiently Protected Credentials •
CVE-2005-4465
https://notcve.org/view.php?id=CVE-2005-4465
The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. • http://secunia.com/advisories/18166 http://www.securityfocus.com/bid/16027 http://www.sw.nec.co.jp/ixseries/ix1k2k/Support/CERT/NISCC273756.html http://www.vupen.com/english/advisories/2005/3028 •