Shodan
Vulnerabilities
Vulnerable Software
Nec:  Security Vulnerabilities
CVE-2018-0632
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response.
CVSS Score
7.2
EPSS Score
0.017
Published
2019-01-09
CVE-2018-0633
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter.
CVSS Score
7.2
EPSS Score
0.017
Published
2019-01-09
CVE-2018-0634
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.
CVSS Score
7.2
EPSS Score
0.006
Published
2019-01-09
CVE-2018-0635
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.
CVSS Score
7.2
EPSS Score
0.006
Published
2019-01-09
CVE-2018-0636
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
CVSS Score
7.2
EPSS Score
0.006
Published
2019-01-09
CVE-2018-0637
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
CVSS Score
7.2
EPSS Score
0.007
Published
2019-01-09
CVE-2018-11741
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.
CVSS Score
9.8
EPSS Score
0.593
Published
2018-12-26
CVE-2018-11742
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
CVSS Score
9.8
EPSS Score
0.479
Published
2018-12-26
CVE-2016-1145
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2016-01-30
CVE-2013-7314
The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVSS Score
6.8
EPSS Score
0.01
Published
2014-01-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved