Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-20027

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Jul, 2020 | 17:29
Updated At-05 Aug, 2024 | 02:32
Rejected At-
Credits

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Jul, 2020 | 17:29
Updated At:05 Aug, 2024 | 02:32
Rejected At:
▼CVE Numbering Authority (CNA)

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://shadytel.su/files/nec_cve.txt
x_refsource_MISC
Hyperlink: https://shadytel.su/files/nec_cve.txt
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://shadytel.su/files/nec_cve.txt
x_refsource_MISC
x_transferred
Hyperlink: https://shadytel.su/files/nec_cve.txt
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Jul, 2020 | 18:15
Updated At:04 Aug, 2020 | 19:49

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
NEC Corporation
nec
>>sv8100>>-
cpe:2.3:h:nec:sv8100:-:*:*:*:*:*:*:*
NEC Corporation
nec
>>sv8100_firmware>>Versions from 7.0(inclusive)
cpe:2.3:o:nec:sv8100_firmware:*:*:*:*:*:*:*:*
NEC Corporation
nec
>>sv9100>>-
cpe:2.3:h:nec:sv9100:-:*:*:*:*:*:*:*
NEC Corporation
nec
>>sv9100_firmware>>Versions from 7.0(inclusive)
cpe:2.3:o:nec:sv9100_firmware:*:*:*:*:*:*:*:*
NEC Corporation
nec
>>sl1100>>-
cpe:2.3:h:nec:sl1100:-:*:*:*:*:*:*:*
NEC Corporation
nec
>>sl1100_firmware>>Versions from 7.0(inclusive)
cpe:2.3:o:nec:sl1100_firmware:*:*:*:*:*:*:*:*
NEC Corporation
nec
>>sl2100>>-
cpe:2.3:h:nec:sl2100:-:*:*:*:*:*:*:*
NEC Corporation
nec
>>sl2100_firmware>>Versions from 7.0(inclusive)
cpe:2.3:o:nec:sl2100_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://shadytel.su/files/nec_cve.txtcve@mitre.org
Third Party Advisory
Hyperlink: https://shadytel.su/files/nec_cve.txt
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1201Records found
CVE-2019-20033
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.92%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 17:30
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.

Action-Not Available
Vendor-n/aNEC Corporation
Product-sv8100_firmwaresv8100n/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-28012
Matching Score-10
Assigner-NEC Corporation
ShareView Details
Matching Score-10
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.03%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:55
Updated-29 Sep, 2025 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr1200haterm_wr9500n_firmwareaterm_wg600hpaterm_wg1400hpaterm_wr8750naterm_wr8300naterm_wg300hpaterm_wg1200hs2aterm_wg1200hs3_firmwareaterm_wg1810hp\(je\)aterm_wr8700naterm_wg1800hp2_firmwareaterm_wm3800raterm_w1200ex-ms_firmwareaterm_wg1800hp2aterm_wg1900hp2_firmwareaterm_mr02lnaterm_wf800hpaterm_wm3600r_firmwareaterm_wg1200hs3aterm_wr8700n_firmwareaterm_wr6600h_firmwareaterm_wg2200hp_firmwareaterm_wf300hpaterm_wr9300naterm_wf800hp_firmwareaterm_wr4500n_firmwareaterm_wg1810hp\(je\)_firmwareaterm_wr6670saterm_wg1800hp4_firmwareaterm_wr9500naterm_wg300hp_firmwareaterm_wr8150n_firmwareaterm_wg1200hpaterm_wr6650saterm_wr8175naterm_wr7850saterm_wr8100n_firmwareaterm_wr7850s_firmwareaterm_wr8200n_firmwareaterm_wm3400rnaterm_cr2500paterm_wr8100naterm_wm3500r_firmwareaterm_w300paterm_wr4100n_firmwareaterm_wm3400rn_firmwareaterm_wr7870saterm_wr8150naterm_wr8165n_firmwareaterm_wr8160n_firmwareaterm_wf1200hp2_firmwareaterm_wr8500n_firmwareaterm_wf300hp2aterm_wg1200hp2aterm_wg1900hpaterm_w1200ex-msaterm_w300p_firmwareaterm_wm3500raterm_wg1800hp3_firmwareaterm_wr1200h_firmwareaterm_wf1200hp_firmwareaterm_wf300hp2_firmwareaterm_wr7800h_firmwareaterm_wr9300n_firmwareaterm_wg1200hs2_firmwareaterm_wg1800hp3aterm_wr8166n_firmwareaterm_wr6650s_firmwareaterm_wg1900hp2aterm_wg1200hs_firmwareaterm_wr6600haterm_wr8165naterm_wr7800haterm_wr8166naterm_wr8370n_firmwareaterm_cr2500p_firmwareaterm_wm3600raterm_wr8160naterm_wf1200hp2aterm_wr4100naterm_mr01ln_firmwareaterm_wm3800r_firmwareaterm_wg1200hp3_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_wg1800hp_firmwareaterm_wr8175n_firmwareaterm_mr02ln_firmwareaterm_wg1400hp_firmwareaterm_wg1810hp\(mf\)_firmwareaterm_wr8400naterm_wg1200hp2_firmwareaterm_wr4500naterm_wg1810hp\(mf\)aterm_wg1900hp_firmwareaterm_wm3450rnaterm_wr8200naterm_wf300hp_firmwareaterm_wg2200hpaterm_wr7870s_firmwareaterm_wr6670s_firmwareaterm_wg1200hp3aterm_wr8170n_firmwareaterm_wf1200hpaterm_wr8600naterm_wg600hp_firmwareaterm_wr8600n_firmwareaterm_wg1200hsaterm_wg1800hpaterm_wr8500naterm_wg1200hp_firmwareaterm_wr8170naterm_wr8300n_firmwareaterm_mr01lnaterm_wg1800hp4aterm_wr8400n_firmwareaterm_wm3450rn_firmwareWR6600HWM3500RW300PWR8300NWR1200HWR6670SWG600HPWF1200HP2WM3400RNWM3800RWR9300NWR8166NWG1800HP4WG2200HPWR8165NWG1200HS3WR6650SWM3450RNWG1200HSWF300HP2WG1200HP3WG1900HP2WF800HPWR8400NWR9500NWR8100NWF1200HPWR8160NWR7800HWR8500NWG1810HP(JE)WG1810HP(MF)WR4500NWR8200NWR8170NWG1800HP2CR2500PWR8600NWG1800HPWG1200HPWF300HPWM3600RWG1900HPWR8150NWG1200HS2WR4100NWG1400HPWR8370NWR8750NWR8175NWR7870SWG1800HP3WG1200HP2WR7850SMR01LNWG300HPMR02LNWR8700NW1200EX(-MS)wr8500nwr6670scr2500pwg1900hp2wg1810hp\/mf\/wg2200hpwr7870swr9500nwg1800hp4wg1800hp2wg1400hpwg1200hswr8300nw1200ex\/ms\/wr7800hwg300hpwg1900hpwr8700nwr4100nwr8400nwf300hp2wr6650swm3500rwg1800hpwg1200hpwr6600hmr02lnwg1200hs3wg1200hs2wr8600nwr8160nwm3400rnwm3450rnwg1800hp3wr8150nwr9300nwr1200hwr8750nmr01lnwg1810hp\/je\/wg1200hp2wr8200nwr8165nwm3600rwm3800rwr4500nwf1200hp2wg600hpwr8170nwf800hpwf1200hpwr8166nwr8100nw300pwr8370nwr7850swg1200hp3wr8175n
CWE ID-CWE-287
Improper Authentication
CVE-2024-28007
Matching Score-10
Assigner-NEC Corporation
ShareView Details
Matching Score-10
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.03%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:52
Updated-29 Sep, 2025 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr1200haterm_wr9500n_firmwareaterm_wg600hpaterm_wg1400hpaterm_wr8750naterm_wr8300naterm_wg300hpaterm_wg1200hs2aterm_wg1200hs3_firmwareaterm_wg1810hp\(je\)aterm_wr8700naterm_wg1800hp2_firmwareaterm_wm3800raterm_w1200ex-ms_firmwareaterm_wg1800hp2aterm_wg1900hp2_firmwareaterm_mr02lnaterm_wf800hpaterm_wm3600r_firmwareaterm_wg1200hs3aterm_wr8700n_firmwareaterm_wr6600h_firmwareaterm_wg2200hp_firmwareaterm_wf300hpaterm_wr9300naterm_wf800hp_firmwareaterm_wr4500n_firmwareaterm_wg1810hp\(je\)_firmwareaterm_wr6670saterm_wg1800hp4_firmwareaterm_wr9500naterm_wg300hp_firmwareaterm_wr8150n_firmwareaterm_wg1200hpaterm_wr6650saterm_wr8175naterm_wr7850saterm_wr8100n_firmwareaterm_wr7850s_firmwareaterm_wr8200n_firmwareaterm_wm3400rnaterm_cr2500paterm_wr8100naterm_wm3500r_firmwareaterm_w300paterm_wr4100n_firmwareaterm_wm3400rn_firmwareaterm_wr7870saterm_wr8150naterm_wr8165n_firmwareaterm_wr8160n_firmwareaterm_wf1200hp2_firmwareaterm_wr8500n_firmwareaterm_wf300hp2aterm_wg1200hp2aterm_wg1900hpaterm_w1200ex-msaterm_w300p_firmwareaterm_wm3500raterm_wg1800hp3_firmwareaterm_wr1200h_firmwareaterm_wf1200hp_firmwareaterm_wf300hp2_firmwareaterm_wr7800h_firmwareaterm_wr9300n_firmwareaterm_wg1200hs2_firmwareaterm_wg1800hp3aterm_wr8166n_firmwareaterm_wr6650s_firmwareaterm_wg1900hp2aterm_wg1200hs_firmwareaterm_wr6600haterm_wr8165naterm_wr7800haterm_wr8166naterm_wr8370n_firmwareaterm_cr2500p_firmwareaterm_wm3600raterm_wr8160naterm_wf1200hp2aterm_wr4100naterm_mr01ln_firmwareaterm_wm3800r_firmwareaterm_wg1200hp3_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_wg1800hp_firmwareaterm_wr8175n_firmwareaterm_mr02ln_firmwareaterm_wg1400hp_firmwareaterm_wg1810hp\(mf\)_firmwareaterm_wr8400naterm_wg1200hp2_firmwareaterm_wr4500naterm_wg1810hp\(mf\)aterm_wg1900hp_firmwareaterm_wm3450rnaterm_wr8200naterm_wf300hp_firmwareaterm_wg2200hpaterm_wr7870s_firmwareaterm_wr6670s_firmwareaterm_wg1200hp3aterm_wr8170n_firmwareaterm_wf1200hpaterm_wr8600naterm_wg600hp_firmwareaterm_wr8600n_firmwareaterm_wg1200hsaterm_wg1800hpaterm_wr8500naterm_wg1200hp_firmwareaterm_wr8170naterm_wr8300n_firmwareaterm_mr01lnaterm_wg1800hp4aterm_wr8400n_firmwareaterm_wm3450rn_firmwareWR6600HWM3500RW300PWR8300NWR1200HWR6670SWG600HPWF1200HP2WM3400RNWM3800RWR9300NWR8166NWG1800HP4WG2200HPWR8165NWG1200HS3WR6650SWM3450RNWG1200HSWF300HP2WG1200HP3WG1900HP2WF800HPWR8400NWR9500NWR8100NWF1200HPWR8160NWR7800HWR8500NWG1810HP(JE)WG1810HP(MF)WR4500NWR8200NWR8170NWG1800HP2CR2500PWR8600NWG1800HPWG1200HPWF300HPWM3600RWG1900HPWR8150NWG1200HS2WR4100NWG1400HPWR8370NWR8750NWR8175NWR7870SWG1800HP3WG1200HP2WR7850SMR01LNWG300HPMR02LNWR8700NW1200EX(-MS)aterm_wg1800hp4_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2024-28009
Matching Score-10
Assigner-NEC Corporation
ShareView Details
Matching Score-10
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.03%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:53
Updated-29 Sep, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr1200haterm_wr9500n_firmwareaterm_wg600hpaterm_wg1400hpaterm_wr8750naterm_wr8300naterm_wg300hpaterm_wg1200hs2aterm_wg1200hs3_firmwareaterm_wg1810hp\(je\)aterm_wr8700naterm_wg1800hp2_firmwareaterm_wm3800raterm_w1200ex-ms_firmwareaterm_wg1800hp2aterm_wg1900hp2_firmwareaterm_mr02lnaterm_wf800hpaterm_wm3600r_firmwareaterm_wg1200hs3aterm_wr8700n_firmwareaterm_wr6600h_firmwareaterm_wg2200hp_firmwareaterm_wf300hpaterm_wr9300naterm_wf800hp_firmwareaterm_wr4500n_firmwareaterm_wg1810hp\(je\)_firmwareaterm_wr6670saterm_wg1800hp4_firmwareaterm_wr9500naterm_wg300hp_firmwareaterm_wr8150n_firmwareaterm_wg1200hpaterm_wr6650saterm_wr8175naterm_wr7850saterm_wr8100n_firmwareaterm_wr7850s_firmwareaterm_wr8200n_firmwareaterm_wm3400rnaterm_cr2500paterm_wr8100naterm_wm3500r_firmwareaterm_w300paterm_wr4100n_firmwareaterm_wm3400rn_firmwareaterm_wr7870saterm_wr8150naterm_wr8165n_firmwareaterm_wr8160n_firmwareaterm_wf1200hp2_firmwareaterm_wr8500n_firmwareaterm_wf300hp2aterm_wg1200hp2aterm_wg1900hpaterm_w1200ex-msaterm_w300p_firmwareaterm_wm3500raterm_wg1800hp3_firmwareaterm_wr1200h_firmwareaterm_wf1200hp_firmwareaterm_wf300hp2_firmwareaterm_wr7800h_firmwareaterm_wr9300n_firmwareaterm_wg1200hs2_firmwareaterm_wg1800hp3aterm_wr8166n_firmwareaterm_wr6650s_firmwareaterm_wg1900hp2aterm_wg1200hs_firmwareaterm_wr6600haterm_wr8165naterm_wr7800haterm_wr8166naterm_wr8370n_firmwareaterm_cr2500p_firmwareaterm_wm3600raterm_wr8160naterm_wf1200hp2aterm_wr4100naterm_mr01ln_firmwareaterm_wm3800r_firmwareaterm_wg1200hp3_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_wg1800hp_firmwareaterm_wr8175n_firmwareaterm_mr02ln_firmwareaterm_wg1400hp_firmwareaterm_wg1810hp\(mf\)_firmwareaterm_wr8400naterm_wg1200hp2_firmwareaterm_wr4500naterm_wg1810hp\(mf\)aterm_wg1900hp_firmwareaterm_wm3450rnaterm_wr8200naterm_wf300hp_firmwareaterm_wg2200hpaterm_wr7870s_firmwareaterm_wr6670s_firmwareaterm_wg1200hp3aterm_wr8170n_firmwareaterm_wf1200hpaterm_wr8600naterm_wg600hp_firmwareaterm_wr8600n_firmwareaterm_wg1200hsaterm_wg1800hpaterm_wr8500naterm_wg1200hp_firmwareaterm_wr8170naterm_wr8300n_firmwareaterm_mr01lnaterm_wg1800hp4aterm_wr8400n_firmwareaterm_wm3450rn_firmwareWF300HP2WG1800HP2WG1200HP2WR8300NW300PWR8200NWR6650SWM3800RWG1200HSWR8160NWG1900HPWR8400NWR8100NWM3400RNWR7870SWG1800HP3WR9500NMR02LNWG1200HPW1200EX(-MS)WG1800HPWR8600NWR8370NMR01LNWR8170NWR7850SWG1800HP4WF300HPWR8700NWM3450RNWR8165NWF1200HPWR4100NWM3600RWG1200HP3WR8750NWG1400HPWR8150NWR8175NWG1200HS3WR7800HWR6600HCR2500PWR1200HWG1200HS2WR6670SWG600HPWR8166NWM3500RWR8500NWG1810HP(JE)WG300HPWF800HPWR4500NWG2200HPWF1200HP2WG1810HP(MF)WG1900HP2WR9300Nwg1200hs3wr8165nwf300hpwr6650swg1800hp2wm3500rwg1800hpmr01lnwr7800hwg600hpw300pwr8100nwg1400hpwr7870swr8166nwr8170nwg1900hpwr8300nwm3600rwr8150nwg1200hswr8600nwf1200hp2wf300hp2wr8160nwr6670swg1200hs2wr7850swr8700nwf1200hpwr9300nwg1900hp2wf800hpwr8500ncr2500pwr8400nwm3400rnwg2200hpwg300hpwg1810hp\/mf\/wm3800rwr4500nwg1200hpwr1200hwr8175nwg1200hp3wr9500nwr8370nwr8200nwr8750nwm3450rnwr4100nwg1810hp\/je\/mr02lnw1200ex\/ms\/wr6600hwg1800hp3
CWE ID-CWE-287
Improper Authentication
CVE-2020-5633
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 76.38%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 09:40
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.

Action-Not Available
Vendor-NEC Corporation
Product-baseboard_management_controllerexpress5800\/t110jistorage_ns100tiexpress5800\/t110j-sexpress5800\/gt110jexpress5800\/t110j-s_\(2nd-gen\)express5800\/t110j_\(2nd-gen\)Multiple NEC products where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied
CWE ID-CWE-287
Improper Authentication
CVE-1999-0043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.58% / 81.28%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

Action-Not Available
Vendor-bsdin/absdiThe MITRE Corporation (Caldera)Netscape (Yahoo Inc.)NEC CorporationInternet Systems Consortium, Inc.Red Hat, Inc.
Product-bsd_osgoah_intrasvnews_serverlinuxinnopenlinuxgoah_networksvn/absd_oslinuxopenlinuxgoah_intrasvgoah_networksvnews_serverinn
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-20025
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.99% / 83.34%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 17:28
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0.

Action-Not Available
Vendor-n/aNEC Corporation
Product-sv9100_firmwaresv9100n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34823
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.47%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-02 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

Action-Not Available
Vendor-NEC Corporation
Product-expresscluster_xexpresscluster_x_singleserversafeCLUSTERPRO X
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-10917
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-30.52% / 96.59%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 22:45
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007.

Action-Not Available
Vendor-NEC Corporation
Product-esmpro_managerESMPRO Manager
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-11742
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-40.92% / 97.28%
||
7 Day CHG~0.00%
Published-26 Dec, 2018 | 20:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.

Action-Not Available
Vendor-n/aNEC Corporation
Product-univerge_sv9100_webprouniverge_sv9100_webpro_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2006-6946
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.77%
||
7 Day CHG+0.03%
Published-23 Jan, 2007 | 02:00
Updated-07 Aug, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.

Action-Not Available
Vendor-n/aNEC Corporation
Product-multiwriter_1700cn/a
CVE-2005-4465
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.98% / 83.29%
||
7 Day CHG~0.00%
Published-22 Dec, 2005 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

Action-Not Available
Vendor-n/aNEC Corporation
Product-univergen/a
CVE-2022-25621
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.96% / 76.11%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands.

Action-Not Available
Vendor-NEC Platforms, Ltd.NEC Corporation
Product-univerge_wa2020univerge_wa2611-ap_firmwareuniverge_wa2610-ap_firmwareuniverge_wa1511_firmwareuniverge_wa2611-apuniverge_wa1510_firmwareuniverge_wa1020univerge_wa2612-apuniverge_wa2612-ap_firmwareuniverge_wa2020_firmwareuniverge_wa1510univerge_wa2610-apuniverge_wa1512_firmwareuniverge_wa1512univerge_wa1511univerge_wa2021univerge_wa1020_firmwareuniverge_wa2021_firmwareuniverge_wa2611e-apuniverge_wa2611e-ap_firmwareUNIVERGE DT
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11741
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-52.70% / 97.87%
||
7 Day CHG~0.00%
Published-26 Dec, 2018 | 20:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.

Action-Not Available
Vendor-n/aNEC Corporation
Product-univerge_sv9100_webprouniverge_sv9100_webpro_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20711
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 70.36%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 00:20
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wg2600hs_firmwareaterm_wg2600hsAterm WG2600HS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20701
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.54%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 23:30
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.

Action-Not Available
Vendor-NEC Corporation
Product-clusterpro_xclusterpro_x_singleserversafeexpresscluster_xexpresscluster_x_singleserversafeCLUSTERPRO X
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-20704
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.54%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 23:30
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.

Action-Not Available
Vendor-NEC Corporation
Product-clusterpro_xclusterpro_x_singleserversafeexpresscluster_xexpresscluster_x_singleserversafeCLUSTERPRO X
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-20702
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.54%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 23:30
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.

Action-Not Available
Vendor-NEC Corporation
Product-clusterpro_xclusterpro_x_singleserversafeexpresscluster_xexpresscluster_x_singleserversafeCLUSTERPRO X
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-20703
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.54%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 23:30
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.

Action-Not Available
Vendor-NEC Corporation
Product-clusterpro_xclusterpro_x_singleserversafeexpresscluster_xexpresscluster_x_singleserversafeCLUSTERPRO X
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-28015
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.79% / 73.56%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:56
Updated-29 Sep, 2025 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr1200haterm_wr9500n_firmwareaterm_wg600hpaterm_wg1400hpaterm_wr8750naterm_wm3450rn_firmwareaterm_wg300hpaterm_wg1200hs2aterm_wg1200hs3_firmwareaterm_wg1810hp\(je\)aterm_wr8700naterm_wg1800hp2_firmwareaterm_wm3800raterm_w1200ex-ms_firmwareaterm_wg1800hp2aterm_wg1900hp2_firmwareaterm_mr02lnaterm_wf800hpaterm_wm3600r_firmwareaterm_wg1200hs3aterm_wr8700n_firmwareaterm_wr6600h_firmwareaterm_wg2200hp_firmwareaterm_wf300hpaterm_wr9300naterm_wf800hp_firmwareaterm_wr4500n_firmwareaterm_wg1810hp\(je\)_firmwareaterm_wr6670saterm_wg1800hp4_firmwareaterm_wr9500naterm_wg300hp_firmwareaterm_wr8150n_firmwareaterm_wg1200hpaterm_wr6650saterm_wr8175naterm_wr7850saterm_wr8100n_firmwareaterm_wr7850s_firmwareaterm_wr8200n_firmwareaterm_wm3400rnaterm_cr2500paterm_wr8100naterm_wm3500r_firmwareaterm_w300paterm_wr4100n_firmwareaterm_wm3400rn_firmwareaterm_wr7870saterm_wr8150naterm_wr8165n_firmwareaterm_wr8160n_firmwareaterm_wf1200hp2_firmwareaterm_wr8500n_firmwareaterm_wf300hp2aterm_wg1200hp2aterm_wg1900hpaterm_w1200ex-msaterm_wm3500raterm_w300p_firmwareaterm_wg1800hp3_firmwareaterm_wr7800h_firmwareaterm_wf1200hp_firmwareaterm_wf300hp2_firmwareaterm_wr1200h_firmwareaterm_wr9300n_firmwareaterm_wg1200hs2_firmwareaterm_wg1800hp3aterm_wr8166n_firmwareaterm_wr6650s_firmwareaterm_wg1900hp2aterm_wr6600haterm_wg1200hs_firmwareaterm_wr8165naterm_wr7800haterm_wr8166naterm_wr8370n_firmwareaterm_cr2500p_firmwareaterm_wm3600raterm_wr8160naterm_wf1200hp2aterm_wr4100naterm_mr01ln_firmwareaterm_wm3800r_firmwareaterm_wg1200hp3_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_mr02ln_firmwareaterm_wg1800hp_firmwareaterm_wr8175n_firmwareaterm_wg1400hp_firmwareaterm_wg1810hp\(mf\)_firmwareaterm_wr8400naterm_wg1200hp2_firmwareaterm_wr4500naterm_wg1810hp\(mf\)aterm_wg1900hp_firmwareaterm_wm3450rnaterm_wr8200naterm_wf300hp_firmwareaterm_wg2200hpaterm_wr7870s_firmwareaterm_wr6670s_firmwareaterm_wg1200hp3aterm_wr8170n_firmwareaterm_wf1200hpaterm_wr8600naterm_wg600hp_firmwareaterm_wr8600n_firmwareaterm_wg1200hsaterm_wg1800hpaterm_wr8500naterm_wg1200hp_firmwareaterm_wr8170naterm_wr8300n_firmwareaterm_mr01lnaterm_wg1800hp4aterm_wr8400n_firmwareaterm_wr8300nWR6600HWM3500RW300PWR8300NWR1200HWR6670SWG600HPWF1200HP2WM3400RNWM3800RWR9300NWR8166NWG1800HP4WG2200HPWR8165NWG1200HS3WR6650SWM3450RNWG1200HSWF300HP2WG1200HP3WG1900HP2WF800HPWR8400NWR9500NWR8100NWF1200HPWR8160NWR7800HWR8500NWG1810HP(JE)WG1810HP(MF)WR4500NWR8200NWR8170NWG1800HP2CR2500PWR8600NWG1800HPWG1200HPWF300HPWM3600RWG1900HPWR8150NWG1200HS2WR4100NWG1400HPWR8370NWR8750NWR8175NWR7870SWG1800HP3WG1200HP2WR7850SMR01LNWG300HPMR02LNWR8700NW1200EX(-MS)aterm_wg1800hp4_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-28010
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.26%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:54
Updated-29 Sep, 2025 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr1200haterm_wr9500n_firmwareaterm_wg600hpaterm_wg1400hpaterm_wr8750naterm_wr8300naterm_wg300hpaterm_wg1200hs2aterm_wg1200hs3_firmwareaterm_wg1810hp\(je\)aterm_wr8700naterm_wg1800hp2_firmwareaterm_wm3800raterm_w1200ex-ms_firmwareaterm_wg1800hp2aterm_wg1900hp2_firmwareaterm_mr02lnaterm_wf800hpaterm_wm3600r_firmwareaterm_wg1200hs3aterm_wr8700n_firmwareaterm_wr6600h_firmwareaterm_wg2200hp_firmwareaterm_wf300hpaterm_wr9300naterm_wf800hp_firmwareaterm_wr4500n_firmwareaterm_wg1810hp\(je\)_firmwareaterm_wr6670saterm_wg1800hp4_firmwareaterm_wr9500naterm_wg300hp_firmwareaterm_wr8150n_firmwareaterm_wg1200hpaterm_wr6650saterm_wr8175naterm_wr7850saterm_wr8100n_firmwareaterm_wr7850s_firmwareaterm_wr8200n_firmwareaterm_wm3400rnaterm_cr2500paterm_wr8100naterm_wm3500r_firmwareaterm_w300paterm_wr4100n_firmwareaterm_wm3400rn_firmwareaterm_wr7870saterm_wr8150naterm_wr8165n_firmwareaterm_wr8160n_firmwareaterm_wf1200hp2_firmwareaterm_wr8500n_firmwareaterm_wf300hp2aterm_wg1200hp2aterm_wg1900hpaterm_w1200ex-msaterm_w300p_firmwareaterm_wm3500raterm_wg1800hp3_firmwareaterm_wr1200h_firmwareaterm_wf1200hp_firmwareaterm_wf300hp2_firmwareaterm_wr7800h_firmwareaterm_wr9300n_firmwareaterm_wg1200hs2_firmwareaterm_wg1800hp3aterm_wr8166n_firmwareaterm_wr6650s_firmwareaterm_wg1900hp2aterm_wg1200hs_firmwareaterm_wr6600haterm_wr8165naterm_wr7800haterm_wr8166naterm_wr8370n_firmwareaterm_cr2500p_firmwareaterm_wm3600raterm_wr8160naterm_wf1200hp2aterm_wr4100naterm_mr01ln_firmwareaterm_wm3800r_firmwareaterm_wg1200hp3_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_wg1800hp_firmwareaterm_wr8175n_firmwareaterm_mr02ln_firmwareaterm_wg1400hp_firmwareaterm_wg1810hp\(mf\)_firmwareaterm_wr8400naterm_wg1200hp2_firmwareaterm_wr4500naterm_wg1810hp\(mf\)aterm_wg1900hp_firmwareaterm_wm3450rnaterm_wr8200naterm_wf300hp_firmwareaterm_wg2200hpaterm_wr7870s_firmwareaterm_wr6670s_firmwareaterm_wg1200hp3aterm_wr8170n_firmwareaterm_wf1200hpaterm_wr8600naterm_wg600hp_firmwareaterm_wr8600n_firmwareaterm_wg1200hsaterm_wg1800hpaterm_wr8500naterm_wg1200hp_firmwareaterm_wr8170naterm_wr8300n_firmwareaterm_mr01lnaterm_wg1800hp4aterm_wr8400n_firmwareaterm_wm3450rn_firmwareWR6600HWM3500RW300PWR8300NWR1200HWR6670SWG600HPWF1200HP2WM3400RNWM3800RWR9300NWR8166NWG1800HP4WG2200HPWR8165NWG1200HS3WR6650SWM3450RNWG1200HSWF300HP2WG1200HP3WG1900HP2WF800HPWR8400NWR9500NWR8100NWF1200HPWR8160NWR7800HWR8500NWG1810HP(JE)WG1810HP(MF)WR4500NWR8200NWR8170NWG1800HP2CR2500PWR8600NWG1800HPWG1200HPWF300HPWM3600RWG1900HPWR8150NWG1200HS2WR4100NWG1400HPWR8370NWR8750NWR8175NWR7870SWG1800HP3WG1200HP2WR7850SMR01LNWG300HPMR02LNWR8700NW1200EX(-MS)aterm_wg1800hp4_firmware
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2024-28014
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.87%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:56
Updated-29 Sep, 2025 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command via the internet.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr1200haterm_wr9500n_firmwareaterm_wg600hpaterm_wg1400hpaterm_wr8750naterm_wr8300naterm_wg300hpaterm_wg1200hs2aterm_wg1200hs3_firmwareaterm_wg1810hp\(je\)aterm_wr8700naterm_wg1800hp2_firmwareaterm_wm3800raterm_w1200ex-ms_firmwareaterm_wg1800hp2aterm_wg1900hp2_firmwareaterm_mr02lnaterm_wf800hpaterm_wm3600r_firmwareaterm_wg1200hs3aterm_wr8700n_firmwareaterm_wr6600h_firmwareaterm_wg2200hp_firmwareaterm_wf300hpaterm_wr9300naterm_wf800hp_firmwareaterm_wr4500n_firmwareaterm_wg1810hp\(je\)_firmwareaterm_wr6670saterm_wg1800hp4_firmwareaterm_wr9500naterm_wg300hp_firmwareaterm_wr8150n_firmwareaterm_wg1200hpaterm_wr6650saterm_wr8175naterm_wr7850saterm_wr8100n_firmwareaterm_wr7850s_firmwareaterm_wr8200n_firmwareaterm_wm3400rnaterm_cr2500paterm_wr8100naterm_wm3500r_firmwareaterm_w300paterm_wr4100n_firmwareaterm_wm3400rn_firmwareaterm_wr7870saterm_wr8150naterm_wr8165n_firmwareaterm_wr8160n_firmwareaterm_wf1200hp2_firmwareaterm_wr8500n_firmwareaterm_wf300hp2aterm_wg1200hp2aterm_wg1900hpaterm_w1200ex-msaterm_w300p_firmwareaterm_wm3500raterm_wg1800hp3_firmwareaterm_wr1200h_firmwareaterm_wf1200hp_firmwareaterm_wf300hp2_firmwareaterm_wr7800h_firmwareaterm_wr9300n_firmwareaterm_wg1200hs2_firmwareaterm_wg1800hp3aterm_wr8166n_firmwareaterm_wr6650s_firmwareaterm_wg1900hp2aterm_wg1200hs_firmwareaterm_wr6600haterm_wr8165naterm_wr7800haterm_wr8166naterm_wr8370n_firmwareaterm_cr2500p_firmwareaterm_wm3600raterm_wr8160naterm_wf1200hp2aterm_wr4100naterm_mr01ln_firmwareaterm_wm3800r_firmwareaterm_wg1200hp3_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_wg1800hp_firmwareaterm_wr8175n_firmwareaterm_mr02ln_firmwareaterm_wg1400hp_firmwareaterm_wg1810hp\(mf\)_firmwareaterm_wr8400naterm_wg1200hp2_firmwareaterm_wr4500naterm_wg1810hp\(mf\)aterm_wg1900hp_firmwareaterm_wm3450rnaterm_wr8200naterm_wf300hp_firmwareaterm_wg2200hpaterm_wr7870s_firmwareaterm_wr6670s_firmwareaterm_wg1200hp3aterm_wr8170n_firmwareaterm_wf1200hpaterm_wr8600naterm_wg600hp_firmwareaterm_wr8600n_firmwareaterm_wg1200hsaterm_wg1800hpaterm_wr8500naterm_wg1200hp_firmwareaterm_wr8170naterm_wr8300n_firmwareaterm_mr01lnaterm_wg1800hp4aterm_wr8400n_firmwareaterm_wm3450rn_firmwareWR6600HWM3500RW300PWR8300NWR1200HWR6670SWG600HPWF1200HP2WM3400RNWM3800RWR9300NWR8166NWG1800HP4WG2200HPWR8165NWG1200HS3WR6650SWM3450RNWG1200HSWF300HP2WG1200HP3WG1900HP2WF800HPWR8400NWR9500NWR8100NWF1200HPWR8160NWR7800HWR8500NWG1810HP(JE)WG1810HP(MF)WR4500NWR8200NWR8170NWG1800HP2CR2500PWR8600NWG1800HPWG1200HPWF300HPWM3600RWG1900HPWR8150NWG1200HS2WR4100NWG1400HPWR8370NWR8750NWR8175NWR7870SWG1800HP3WG1200HP2WR7850SMR01LNWG300HPMR02LNWR8700NW1200EX(-MS)aterm_w1200ex\(-ms\)_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-28008
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.74%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:52
Updated-29 Sep, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr1200haterm_wr9500n_firmwareaterm_wg600hpaterm_wg1400hpaterm_wr8750naterm_wr8300naterm_wg300hpaterm_wg1200hs2aterm_wg1200hs3_firmwareaterm_wg1810hp\(je\)aterm_wr8700naterm_wg1800hp2_firmwareaterm_wm3800raterm_w1200ex-ms_firmwareaterm_wg1800hp2aterm_wg1900hp2_firmwareaterm_mr02lnaterm_wf800hpaterm_wm3600r_firmwareaterm_wg1200hs3aterm_wr8700n_firmwareaterm_wr6600h_firmwareaterm_wg2200hp_firmwareaterm_wf300hpaterm_wr9300naterm_wf800hp_firmwareaterm_wr4500n_firmwareaterm_wg1810hp\(je\)_firmwareaterm_wr6670saterm_wg1800hp4_firmwareaterm_wr9500naterm_wg300hp_firmwareaterm_wr8150n_firmwareaterm_wg1200hpaterm_wr6650saterm_wr8175naterm_wr7850saterm_wr8100n_firmwareaterm_wr7850s_firmwareaterm_wr8200n_firmwareaterm_wm3400rnaterm_cr2500paterm_wr8100naterm_wm3500r_firmwareaterm_w300paterm_wr4100n_firmwareaterm_wm3400rn_firmwareaterm_wr7870saterm_wr8150naterm_wr8165n_firmwareaterm_wr8160n_firmwareaterm_wf1200hp2_firmwareaterm_wr8500n_firmwareaterm_wf300hp2aterm_wg1200hp2aterm_wg1900hpaterm_w1200ex-msaterm_w300p_firmwareaterm_wm3500raterm_wg1800hp3_firmwareaterm_wr1200h_firmwareaterm_wf1200hp_firmwareaterm_wf300hp2_firmwareaterm_wr7800h_firmwareaterm_wr9300n_firmwareaterm_wg1200hs2_firmwareaterm_wg1800hp3aterm_wr8166n_firmwareaterm_wr6650s_firmwareaterm_wg1900hp2aterm_wg1200hs_firmwareaterm_wr6600haterm_wr8165naterm_wr7800haterm_wr8166naterm_wr8370n_firmwareaterm_cr2500p_firmwareaterm_wm3600raterm_wr8160naterm_wf1200hp2aterm_wr4100naterm_mr01ln_firmwareaterm_wm3800r_firmwareaterm_wg1200hp3_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_wg1800hp_firmwareaterm_wr8175n_firmwareaterm_mr02ln_firmwareaterm_wg1400hp_firmwareaterm_wg1810hp\(mf\)_firmwareaterm_wr8400naterm_wg1200hp2_firmwareaterm_wr4500naterm_wg1810hp\(mf\)aterm_wg1900hp_firmwareaterm_wm3450rnaterm_wr8200naterm_wf300hp_firmwareaterm_wg2200hpaterm_wr7870s_firmwareaterm_wr6670s_firmwareaterm_wg1200hp3aterm_wr8170n_firmwareaterm_wf1200hpaterm_wr8600naterm_wg600hp_firmwareaterm_wr8600n_firmwareaterm_wg1200hsaterm_wg1800hpaterm_wr8500naterm_wg1200hp_firmwareaterm_wr8170naterm_wr8300n_firmwareaterm_mr01lnaterm_wg1800hp4aterm_wr8400n_firmwareaterm_wm3450rn_firmwareWR6600HWM3500RW300PWR8300NWR1200HWR6670SWG600HPWF1200HP2WM3400RNWM3800RWR9300NWR8166NWG1800HP4WG2200HPWR8165NWG1200HS3WR6650SWM3450RNWG1200HSWF300HP2WG1200HP3WG1900HP2WF800HPWR8400NWR9500NWR8100NWF1200HPWR8160NWR7800HWR8500NWG1810HP(JE)WG1810HP(MF)WR4500NWR8200NWR8170NWG1800HP2CR2500PWR8600NWG1800HPWG1200HPWF300HPWM3600RWG1900HPWR8150NWG1200HS2WR4100NWG1400HPWR8370NWR8750NWR8175NWR7870SWG1800HP3WG1200HP2WR7850SMR01LNWG300HPMR02LNWR8700NW1200EX(-MS)aterm_wg1800hp4_firmware
CWE ID-CWE-489
Active Debug Code
CVE-2024-28011
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.74%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:54
Updated-29 Sep, 2025 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr1200haterm_wr9500n_firmwareaterm_wg600hpaterm_wg1400hpaterm_wr8750naterm_wr8300naterm_wg300hpaterm_wg1200hs2aterm_wg1200hs3_firmwareaterm_wg1810hp\(je\)aterm_wr8700naterm_wg1800hp2_firmwareaterm_wm3800raterm_w1200ex-ms_firmwareaterm_wg1800hp2aterm_wg1900hp2_firmwareaterm_mr02lnaterm_wf800hpaterm_wm3600r_firmwareaterm_wg1200hs3aterm_wr8700n_firmwareaterm_wr6600h_firmwareaterm_wg2200hp_firmwareaterm_wf300hpaterm_wr9300naterm_wf800hp_firmwareaterm_wr4500n_firmwareaterm_wg1810hp\(je\)_firmwareaterm_wr6670saterm_wg1800hp4_firmwareaterm_wr9500naterm_wg300hp_firmwareaterm_wr8150n_firmwareaterm_wg1200hpaterm_wr6650saterm_wr8175naterm_wr7850saterm_wr8100n_firmwareaterm_wr7850s_firmwareaterm_wr8200n_firmwareaterm_wm3400rnaterm_cr2500paterm_wr8100naterm_wm3500r_firmwareaterm_w300paterm_wr4100n_firmwareaterm_wm3400rn_firmwareaterm_wr7870saterm_wr8150naterm_wr8165n_firmwareaterm_wr8160n_firmwareaterm_wf1200hp2_firmwareaterm_wr8500n_firmwareaterm_wf300hp2aterm_wg1200hp2aterm_wg1900hpaterm_w1200ex-msaterm_w300p_firmwareaterm_wm3500raterm_wg1800hp3_firmwareaterm_wr1200h_firmwareaterm_wf1200hp_firmwareaterm_wf300hp2_firmwareaterm_wr7800h_firmwareaterm_wr9300n_firmwareaterm_wg1200hs2_firmwareaterm_wg1800hp3aterm_wr8166n_firmwareaterm_wr6650s_firmwareaterm_wg1900hp2aterm_wg1200hs_firmwareaterm_wr6600haterm_wr8165naterm_wr7800haterm_wr8166naterm_wr8370n_firmwareaterm_cr2500p_firmwareaterm_wm3600raterm_wr8160naterm_wf1200hp2aterm_wr4100naterm_mr01ln_firmwareaterm_wm3800r_firmwareaterm_wg1200hp3_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_wg1800hp_firmwareaterm_wr8175n_firmwareaterm_mr02ln_firmwareaterm_wg1400hp_firmwareaterm_wg1810hp\(mf\)_firmwareaterm_wr8400naterm_wg1200hp2_firmwareaterm_wr4500naterm_wg1810hp\(mf\)aterm_wg1900hp_firmwareaterm_wm3450rnaterm_wr8200naterm_wf300hp_firmwareaterm_wg2200hpaterm_wr7870s_firmwareaterm_wr6670s_firmwareaterm_wg1200hp3aterm_wr8170n_firmwareaterm_wf1200hpaterm_wr8600naterm_wg600hp_firmwareaterm_wr8600n_firmwareaterm_wg1200hsaterm_wg1800hpaterm_wr8500naterm_wg1200hp_firmwareaterm_wr8170naterm_wr8300n_firmwareaterm_mr01lnaterm_wg1800hp4aterm_wr8400n_firmwareaterm_wm3450rn_firmwareWR6600HWM3500RW300PWR8300NWR1200HWR6670SWG600HPWF1200HP2WM3400RNWM3800RWR9300NWR8166NWG1800HP4WG2200HPWR8165NWG1200HS3WR6650SWM3450RNWG1200HSWF300HP2WG1200HP3WG1900HP2WF800HPWR8400NWR9500NWR8100NWF1200HPWR8160NWR7800HWR8500NWG1810HP(JE)WG1810HP(MF)WR4500NWR8200NWR8170NWG1800HP2CR2500PWR8600NWG1800HPWG1200HPWF300HPWM3600RWG1900HPWR8150NWG1200HS2WR4100NWG1400HPWR8370NWR8750NWR8175NWR7870SWG1800HP3WG1200HP2WR7850SMR01LNWG300HPMR02LNWR8700NW1200EX(-MS)aterm_wr9500n_firmware
CWE ID-CWE-912
Hidden Functionality
CVE-2023-3741
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 67.40%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 00:55
Updated-02 Dec, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.

Action-Not Available
Vendor-NEC Platforms, Ltd.NEC Corporation
Product-itk-12dg-1p\(bk\)telitk-6dgs-1\(bk\)telitk-8tcgx-1\(bk\)tel_firmwareitk-6dgs-1p\(bk\)tel_firmwareitk-32lcg-1p\(bk\)tel_firmwareitk-32lcg-1p\(bk\)telitk-6dgs-1a\(bk\)telitk-32tcgs-1\(bk\)tel_firmwareitk-8lcx-1p\(bk\)tel_firmwareitk-32lcgs-1a\(bk\)telitk-12dg-1p\(bk\)tel_firmwareitk-6d-1p\(bk\)tel_firmwareitk-8lcx-1\(bk\)tel_firmwareitk-8tcgx-1p\(bk\)telitk-6dg-1p\(bk\)tel_firmwareitk-8tcgx-1p\(bk\)tel_firmwareitk-32tcg-1p\(bk\)telitk-6d-1\(bk\)tel_firmwareitk-32tcgs-1p\(bk\)telitk-32tcg-1p\(bk\)tel_firmwareitk-32lcgs-1p\(bk\)telitk-32tcgs-1a\(bk\)tel_firmwareitk-6dg-1p\(bk\)telitk-8lcg-1p\(bk\)telitk-8tcgx-1\(bk\)telitk-6d-1\(bk\)telitk-32tcgs-1a\(bk\)telitk-32lcgs-1a\(bk\)tel_firmwareitk-6d-1p\(bk\)telitk-12d-1p\(bk\)tel_firmwareitk-32lcgs-1\(bk\)tel_firmwareitk-8lcx-1p\(bk\)telitk-32lcgs-1p\(bk\)tel_firmwareitk-12d-1\(bk\)tel_firmwareitk-12d-1\(bk\)telitk-6dgs-1\(bk\)tel_firmwareitk-8lcg-1p\(bk\)tel_firmwareitk-6dgs-1a\(bk\)tel_firmwareitk-32tcgs-1\(bk\)telitk-6dgs-1p\(bk\)telitk-32tcgs-1p\(bk\)tel_firmwareitk-32lcgs-1\(bk\)telitk-8lcx-1\(bk\)telitk-12d-1p\(bk\)telITK-6DGS-1P(BK) TELITK-32LCGS-1P(BK) TELITK-6DG-1P(BK)TELITK-32LCGS-1(BK) TELITK-8TCGX-1(BK)TELITK-6DGS-1A(BK) TELITK-8LCG-1P(BK)TELITK-8LCX-1(BK)TELITK-8TCGX-1P(BK)TELITK-32TCG-1P(BK)TELITK-32TCGS-1A(BK) TELITK-12D-1P(BK)TELITK-6D-1(BK)TELITK-32TCGS-1(BK) TELITK-6D-1P(BK)TELITK-6DGS-1(BK) TELITK-32LCGS-1A(BK) TELITK-12D-1(BK)TELITK-32LCG-1P(BK)TELITK-12DG-1P(BK)TELITK-8LCX-1P(BK)TELITK-32TCGS-1P(BK) TEL
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20700
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.54%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 23:29
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.

Action-Not Available
Vendor-NEC Corporation
Product-clusterpro_xclusterpro_x_singleserversafeexpresscluster_xexpresscluster_x_singleserversafeCLUSTERPRO X
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-34822
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.37% / 89.89%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-02 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

Action-Not Available
Vendor-NEC Corporation
Product-expresscluster_xexpresscluster_x_singleserversafeCLUSTERPRO X
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34824
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.37% / 79.92%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

Action-Not Available
Vendor-NEC Corporation
Product-expresscluster_x_singleserversafeexpresscluster_xCLUSTERPRO X
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-34825
Matching Score-8
Assigner-NEC Corporation
ShareView Details
Matching Score-8
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.64% / 81.64%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

Action-Not Available
Vendor-NEC Corporation
Product-expresscluster_x_singleserversafeexpresscluster_xCLUSTERPRO X
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5685
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 69.41%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 09:40
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL.

Action-Not Available
Vendor-NEC Corporation
Product-univerge_sv8500univerge_sv9500_firmwareuniverge_sv8500_firmwareuniverge_sv9500UNIVERGE SV9500/SV8500 series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-28006
Matching Score-6
Assigner-NEC Corporation
ShareView Details
Matching Score-6
Assigner-NEC Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 53.20%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:51
Updated-29 Sep, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to view device information.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr1200haterm_wr9500n_firmwareaterm_wg600hpaterm_wg1400hpaterm_wr8750naterm_wm3450rn_firmwareaterm_wg300hpaterm_wg1200hs2aterm_wg1200hs3_firmwareaterm_wg1810hp\(je\)aterm_wr8700naterm_wg1800hp2_firmwareaterm_wm3800raterm_w1200ex-ms_firmwareaterm_wg1800hp2aterm_wg1900hp2_firmwareaterm_mr02lnaterm_wf800hpaterm_wm3600r_firmwareaterm_wg1200hs3aterm_wr8700n_firmwareaterm_wr6600h_firmwareaterm_wg2200hp_firmwareaterm_wf300hpaterm_wr9300naterm_wf800hp_firmwareaterm_wr4500n_firmwareaterm_wg1810hp\(je\)_firmwareaterm_wr6670saterm_wg1800hp4_firmwareaterm_wr9500naterm_wg300hp_firmwareaterm_wr8150n_firmwareaterm_wg1200hpaterm_wr6650saterm_wr8175naterm_wr7850saterm_wr8100n_firmwareaterm_wr7850s_firmwareaterm_wr8200n_firmwareaterm_wm3400rnaterm_cr2500paterm_wr8100naterm_wm3500r_firmwareaterm_w300paterm_wr4100n_firmwareaterm_wm3400rn_firmwareaterm_wr7870saterm_wr8150naterm_wr8165n_firmwareaterm_wr8160n_firmwareaterm_wf1200hp2_firmwareaterm_wr8500n_firmwareaterm_wf300hp2aterm_wg1200hp2aterm_wg1900hpaterm_w1200ex-msaterm_wm3500raterm_w300p_firmwareaterm_wg1800hp3_firmwareaterm_wr7800h_firmwareaterm_wf1200hp_firmwareaterm_wf300hp2_firmwareaterm_wr1200h_firmwareaterm_wr9300n_firmwareaterm_wg1200hs2_firmwareaterm_wg1800hp3aterm_wr8166n_firmwareaterm_wr6650s_firmwareaterm_wg1900hp2aterm_wr6600haterm_wg1200hs_firmwareaterm_wr8165naterm_wr7800haterm_wr8166naterm_wr8370n_firmwareaterm_cr2500p_firmwareaterm_wm3600raterm_wr8160naterm_wf1200hp2aterm_wr4100naterm_mr01ln_firmwareaterm_wm3800r_firmwareaterm_wg1200hp3_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_mr02ln_firmwareaterm_wg1800hp_firmwareaterm_wr8175n_firmwareaterm_wg1400hp_firmwareaterm_wg1810hp\(mf\)_firmwareaterm_wr8400naterm_wg1200hp2_firmwareaterm_wr4500naterm_wg1810hp\(mf\)aterm_wg1900hp_firmwareaterm_wm3450rnaterm_wr8200naterm_wf300hp_firmwareaterm_wg2200hpaterm_wr7870s_firmwareaterm_wr6670s_firmwareaterm_wg1200hp3aterm_wr8170n_firmwareaterm_wf1200hpaterm_wr8600naterm_wg600hp_firmwareaterm_wr8600n_firmwareaterm_wg1200hsaterm_wg1800hpaterm_wr8500naterm_wg1200hp_firmwareaterm_wr8170naterm_wr8300n_firmwareaterm_mr01lnaterm_wg1800hp4aterm_wr8400n_firmwareaterm_wr8300nMR02LNW1200EX(-MS)WF300HPWG1810HP(JE)WG1200HS3WG600HPWG1200HP2WR8100NWG1800HP2WR8150NCR2500PWG300HPWR4100NWG1200HPWG1800HP3WR8175NWR8600NWR8700NWM3400RNWM3450RNWG1900HP2WG1800HPWR8166NWM3600RWG1400HPWG1200HS2WR6670SWR6650SWR8370NWF1200HP2WR7800HMR01LNWG1810HP(MF)WR4500NWR9300NWR8165NWR8300NWR8400NWG1200HP3WR7870SWG1800HP4WR6600HWF300HP2WG2200HPWR8170NWR9500NWF800HPWR8200NWR8500NWR7850SW300PWR1200HWR8160NWR8750NWF1200HPWM3500RWG1900HPWM3800RWG1200HS
CWE ID-CWE-287
Improper Authentication
CVE-2020-5686
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.05%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 09:40
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.

Action-Not Available
Vendor-NEC Corporation
Product-univerge_sv8500univerge_sv9500_firmwareuniverge_sv8500_firmwareuniverge_sv9500UNIVERGE SV9500/SV8500 series
CWE ID-CWE-287
Improper Authentication
CVE-2008-6857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_podcast.netn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7263
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.35%
||
7 Day CHG~0.00%
Published-19 Oct, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

Action-Not Available
Vendor-g.rodolan/a
Product-pyftpdlibn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.16% / 92.00%
||
7 Day CHG~0.00%
Published-31 Aug, 2009 | 10:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.

Action-Not Available
Vendor-zkupn/a
Product-zkupn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6947
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.76% / 85.72%
||
7 Day CHG~0.00%
Published-12 Aug, 2009 | 10:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.

Action-Not Available
Vendor-collabtiven/a
Product-collabtiven/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6723
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 83.13%
||
7 Day CHG~0.00%
Published-14 Apr, 2009 | 16:00
Updated-07 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.

Action-Not Available
Vendor-turnkeyformsn/a
Product-entertainment_portaln/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7179
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 77.32%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.

Action-Not Available
Vendor-otmanagern/a
Product-otmanager_cmsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.31% / 86.96%
||
7 Day CHG~0.00%
Published-13 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.

Action-Not Available
Vendor-uochmn/a
Product-justlistitn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7027
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 77.32%
||
7 Day CHG~0.00%
Published-21 Aug, 2009 | 14:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.

Action-Not Available
Vendor-libra_file_managern/a
Product-php_filemanagern/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.65% / 85.46%
||
7 Day CHG~0.00%
Published-07 Aug, 2009 | 18:33
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.

Action-Not Available
Vendor-zeewaysn/a
Product-shaadiclonen/a
CWE ID-CWE-287
Improper Authentication
CVE-2015-6401
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-7.87% / 91.83%
||
7 Day CHG~0.00%
Published-14 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adaptern/a
CWE ID-CWE-287
Improper Authentication
CVE-2015-6237
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 68.46%
||
7 Day CHG~0.00%
Published-27 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."

Action-Not Available
Vendor-tripwiren/a
Product-ip360n/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0280
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.90% / 86.06%
||
7 Day CHG~0.00%
Published-27 Jan, 2009 | 18:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.

Action-Not Available
Vendor-asp-projectn/a
Product-asp-projectn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6855
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 65.22%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.

Action-Not Available
Vendor-xiglan/a
Product-absolute_news_feedn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6718
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.01% / 86.30%
||
7 Day CHG~0.00%
Published-13 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.

Action-Not Available
Vendor-uochmn/a
Product-justbookitn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.01% / 86.30%
||
7 Day CHG~0.00%
Published-21 Apr, 2009 | 18:07
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.

Action-Not Available
Vendor-toddwoolumsn/a
Product-asp_downloadn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6860
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.13%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_poll_manager_xen/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.31% / 86.96%
||
7 Day CHG~0.00%
Published-13 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request.

Action-Not Available
Vendor-preprojectsn/a
Product-pre_ads_portaln/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.59% / 81.32%
||
7 Day CHG~0.00%
Published-21 Aug, 2009 | 14:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies.

Action-Not Available
Vendor-esqlanelapsen/a
Product-esqlanelapsen/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 24
  • 25
  • Next
Details not found