VYPR
Get started
← All vendors
Vendor

NEC

Sign in to watch

NEC Corporation is a Japanese multinational information technology corporation headquartered at the NEC Supertower in Minato, Tokyo, Japan. It provides IT and network solutions, including cloud computing, artificial intelligence (AI), Internet of Things (IoT) platform, and telecommunications equipment and software to business enterprises, communications services providers and to government agencies. It is one of the five largest defense contractors in Japan.

Founded 1899
Products
72
CVEs
32
Across products
161
Status
Private

Products

72

Recent CVEs

32
CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2026-4622Cri0.649.80.00Mar 27, 2026OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
CVE-2026-4620Cri0.649.80.00Mar 27, 2026OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
CVE-2026-4619Cri0.649.80.00Mar 27, 2026Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.
CVE-1999-0043Cri0.649.80.02Dec 4, 1996Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
CVE-2016-1145Hig0.497.50.00Jan 30, 2016Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2026-4309Med0.426.50.00Mar 27, 2026Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.
CVE-2026-4621Med0.365.60.00Mar 27, 2026Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
CVE-1999-0011Med0.365.40.11Apr 8, 1998Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
CVE-1999-00090.090.80Apr 8, 1998Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
CVE-1999-02080.070.45Dec 12, 1995rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
CVE-1999-00400.030.00May 1, 1997Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
CVE-2002-23680.010.17Dec 31, 2002Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.
CVE-2013-73140.000.03Jan 23, 2014The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-07170.000.00Mar 19, 2013Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.
CVE-2013-07060.000.01Feb 22, 2013NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors.
CVE-2011-13230.000.01May 9, 2011Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location.
CVE-2010-19430.000.02May 19, 2010Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015.
CVE-2010-19410.000.02May 19, 2010Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010.
CVE-2008-03780.000.02Jan 22, 2008Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.
CVE-2007-55570.000.01Oct 18, 2007Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.