ByteOS Network

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

Vendor-NEC Platforms, Ltd.NEC Corporation

Product-aterm_wg1200hp2 aterm_wg1200hp3 aterm_wg1800hp4_firmware aterm_wg2600hm4 aterm_w1200ex-ms_firmware aterm_wg2600hp4_firmware aterm_wf1200cr_firmware aterm_wx1500hp_firmware aterm_wg1900hp aterm_wg1200hs2_firmware aterm_wg1200cr_firmware aterm_wg2600hp4 aterm_wg1200hp4_firmware aterm_wg2600hm4_firmware aterm_wg1200hs4_firmware aterm_wf1200cr aterm_wg1800hp3 aterm_wx3000hp aterm_wg1900hp_firmware aterm_wg1200hs3_firmware aterm_wg1200hp2_firmware aterm_wg1900hp2_firmware aterm_wg1200cr aterm_wx3600hp_firmware aterm_wg1200hs4 aterm_wg2600hs aterm_wg2600hs2_firmware aterm_wg2600hs2 aterm_wx3600hp aterm_wx1500hp aterm_wg1200hp4 aterm_wg1200hp3_firmware aterm_w1200ex-ms aterm_wx3000hp_firmware aterm_wg1200hs2 aterm_wg1800hp3_firmware aterm_wg1800hp4 aterm_wg1200hs3 aterm_wg2600hs_firmware aterm_wg1900hp2 Aterm WG1200HS3 Aterm WG2600HS2 Aterm GX1200HS4 Aterm WG1200DM4 Aterm WG2600HM4 Aterm W1200EX(-MS)Aterm WG1800HP3 Aterm WX3600HP Aterm WG1900HP2 Aterm WG1900HP Aterm WG2600HP4 Aterm WG1200HP4 Aterm WX3000HP Aterm GB1200PE Aterm WG1200HP2 Aterm WG1200HS4 Aterm WG1800HP4 Aterm WG1200HS2 Aterm WX1500HP Aterm WG1200HP3 Aterm GX1200HP Aterm WG1200CR Aterm WF1200CR Aterm WG2600HS

CWE ID-CWE-862

Missing Authorization

CVE-2022-25621

Assigner-NEC Corporation

View Details

Assigner-NEC Corporation

CVSS Score-9.8||CRITICAL

EPSS-0.96% / 76.55%

||

7 Day CHG~0.00%

Published-11 Mar, 2022 | 17:54

Updated-03 Aug, 2024 | 04:42

UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands.

Vendor-NEC Platforms, Ltd.NEC Corporation

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-20677

Assigner-JPCERT/CC

View Details

Assigner-JPCERT/CC

CVSS Score-3.1||LOW

EPSS-0.30% / 52.95%

||

7 Day CHG~0.00%

Published-26 Mar, 2021 | 08:50

Updated-03 Aug, 2024 | 17:45

UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command.

Vendor-NEC Platforms, Ltd.

Product-univerge_aspire_wx_firmware univerge_aspire_ux sl2100_firmware univerge_sv9100_firmware univerge_aspire_wx sl2100 univerge_sv9100 univerge_aspire_ux_firmware UNIVERGE Aspire series PBX

CVE-2021-20653

Assigner-JPCERT/CC

View Details

Assigner-JPCERT/CC

CVSS Score-5.3||MEDIUM

EPSS-0.20% / 41.43%

||

7 Day CHG~0.00%

Published-17 Feb, 2021 | 02:05

Updated-03 Aug, 2024 | 17:45

Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.

Vendor-NEC Platforms, Ltd.NEC Corporation

Product-csdj-a_firmware csdj-d csdj-b csdj-a csdj-h csdj-b_firmware csdj-h_firmware csdj-d_firmware Calsos CSDJ

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2018-0613

Assigner-JPCERT/CC

View Details

Assigner-JPCERT/CC

CVSS Score-8.8||HIGH

EPSS-0.31% / 54.12%

||

7 Day CHG~0.00%

Published-26 Jul, 2018 | 17:00

Updated-05 Aug, 2024 | 03:28

NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.

Vendor-NEC Platforms, Ltd.

Product-calsos_csdj-d_firmware calsos_csdj-h calsos_csdj-a_firmware calsos_csdj-b calsos_csdj-d calsos_csdx_firmware calsos_csdx\(s\)_firmware calsos_csdx\(p\)calsos_csdx\(d\)_firmware calsos_csdj-h_firmware calsos_csdx\(p\)_firmware calsos_csdx\(d\)calsos_csdx calsos_csdx\(s\)calsos_csdj-b_firmware calsos_csdj-a Calsos CSDX and CSDJ series products

CWE ID-CWE-269

Improper Privilege Management

CVE-2018-0614

Assigner-JPCERT/CC

View Details

Assigner-JPCERT/CC

CVSS Score-6.1||MEDIUM

EPSS-0.26% / 49.42%

||

7 Day CHG~0.00%

Published-26 Jul, 2018 | 17:00

Updated-05 Aug, 2024 | 03:28

Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-NEC Platforms, Ltd.

Product-calsos_csdj-d_firmware calsos_csdj-h calsos_csdj-a_firmware calsos_csdj-b calsos_csdj-d calsos_csdx_firmware calsos_csdx\(s\)_firmware calsos_csdx\(p\)calsos_csdx\(d\)_firmware calsos_csdj-h_firmware calsos_csdx\(p\)_firmware calsos_csdx\(d\)calsos_csdx calsos_csdx\(s\)calsos_csdj-b_firmware calsos_csdj-a Calsos CSDX and CSDJ series products

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NEC Platforms, Ltd.

Source -

BOS Name -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -