Vendor CVEs
NEC
All CVEs
142 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-0637 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter. | |||
| CVE-2018-0636 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. | |||
| CVE-2018-0635 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter. | |||
| CVE-2018-0629 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | |||
| CVE-2018-0640 | 0.00 | — | 0.02 | Jan 9, 2019 | Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. | |||
| CVE-2018-16192 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. | |||
| CVE-2018-0627 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | |||
| CVE-2018-16195 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. | |||
| CVE-2018-0639 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter. | |||
| CVE-2018-0631 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | |||
| CVE-2018-0641 | 0.00 | — | 0.02 | Jan 9, 2019 | Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter. | |||
| CVE-2018-16193 | 0.00 | — | 0.01 | Jan 9, 2019 | Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2018-0632 | 0.00 | — | 0.02 | Jan 9, 2019 | Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response. | |||
| CVE-2018-0630 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. | |||
| CVE-2018-16194 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2018-0626 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. | |||
| CVE-2018-0638 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter. | |||
| CVE-2018-0633 | 0.00 | — | 0.02 | Jan 9, 2019 | Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter. | |||
| CVE-2018-0625 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. | |||
| CVE-2018-0634 | 0.00 | — | 0.01 | Jan 9, 2019 | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL. | |||
| CVE-2013-7314 | 0.00 | — | 0.02 | Jan 23, 2014 | The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a… | |||
| CVE-2013-0717 | 0.00 | — | 0.01 | Mar 19, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for… | |||
| CVE-2013-0706 | 0.00 | — | 0.02 | Feb 22, 2013 | NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors. | |||
| CVE-2012-2640 | 0.00 | — | 0.01 | Jul 5, 2012 | The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission. | |||
| CVE-2011-1323 | 0.00 | — | 0.02 | May 9, 2011 | Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted… | |||
| CVE-2010-1943 | 0.00 | — | 0.03 | May 19, 2010 | Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015. | |||
| CVE-2010-1941 | 0.00 | — | 0.03 | May 19, 2010 | Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or… | |||
| CVE-2008-0378 | 0.00 | — | 0.03 | Jan 22, 2008 | Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname. | |||
| CVE-2007-5557 | 0.00 | — | 0.01 | Oct 18, 2007 | Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known… | |||
| CVE-2006-6946 | 0.00 | — | 0.01 | Jan 23, 2007 | The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors. | |||
| CVE-2006-6947 | 0.00 | — | 0.01 | Jan 23, 2007 | The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | |||
| CVE-2005-4465 | 0.00 | — | 0.03 | Dec 22, 2005 | The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.… | |||
| CVE-2002-2367 | 0.00 | — | 0.05 | Dec 31, 2002 | Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname. | |||
| CVE-2002-0666 | 0.00 | — | 0.02 | Nov 4, 2002 | IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in… | |||
| CVE-2000-1183 | 0.00 | — | 0.01 | Jan 9, 2001 | Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request. | |||
| CVE-1999-1435 | 0.00 | — | 0.00 | Jul 10, 1998 | Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables. | |||
| CVE-1999-0010 | 0.00 | — | 0.02 | Apr 8, 1998 | Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. | |||
| CVE-1999-0024 | 0.00 | — | 0.05 | Aug 13, 1997 | DNS cache poisoning via BIND, by predictable query IDs. | |||
| CVE-1999-0868 | 0.00 | — | 0.01 | Feb 20, 1997 | ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. | |||
| CVE-1999-0048 | 0.00 | — | 0.03 | Jan 27, 1997 | Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. | |||
| CVE-1999-0138 | 0.00 | — | 0.01 | Jun 26, 1996 | The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. | |||
| CVE-1999-0078 | 0.00 | — | 0.01 | Apr 18, 1996 | pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
- CVE-2018-0637Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
- CVE-2018-0636Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
- CVE-2018-0635Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.
- CVE-2018-0629Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
- CVE-2018-0640Jan 9, 2019risk 0.00cvss —epss 0.02
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.
- CVE-2018-16192Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.
- CVE-2018-0627Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
- CVE-2018-16195Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.
- CVE-2018-0639Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.
- CVE-2018-0631Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
- CVE-2018-0641Jan 9, 2019risk 0.00cvss —epss 0.02
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.
- CVE-2018-16193Jan 9, 2019risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2018-0632Jan 9, 2019risk 0.00cvss —epss 0.02
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response.
- CVE-2018-0630Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.
- CVE-2018-16194Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0626Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.
- CVE-2018-0638Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.
- CVE-2018-0633Jan 9, 2019risk 0.00cvss —epss 0.02
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter.
- CVE-2018-0625Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.
- CVE-2018-0634Jan 9, 2019risk 0.00cvss —epss 0.01
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.
- CVE-2013-7314Jan 23, 2014risk 0.00cvss —epss 0.02
The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a…
- CVE-2013-0717Mar 19, 2013risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for…
- CVE-2013-0706Feb 22, 2013risk 0.00cvss —epss 0.02
NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors.
- CVE-2012-2640Jul 5, 2012risk 0.00cvss —epss 0.01
The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission.
- CVE-2011-1323May 9, 2011risk 0.00cvss —epss 0.02
Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted…
- CVE-2010-1943May 19, 2010risk 0.00cvss —epss 0.03
Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015.
- CVE-2010-1941May 19, 2010risk 0.00cvss —epss 0.03
Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or…
- CVE-2008-0378Jan 22, 2008risk 0.00cvss —epss 0.03
Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.
- CVE-2007-5557Oct 18, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known…
- CVE-2006-6946Jan 23, 2007risk 0.00cvss —epss 0.01
The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.
- CVE-2006-6947Jan 23, 2007risk 0.00cvss —epss 0.01
The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
- CVE-2005-4465Dec 22, 2005risk 0.00cvss —epss 0.03
The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.…
- CVE-2002-2367Dec 31, 2002risk 0.00cvss —epss 0.05
Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.
- CVE-2002-0666Nov 4, 2002risk 0.00cvss —epss 0.02
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in…
- CVE-2000-1183Jan 9, 2001risk 0.00cvss —epss 0.01
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.
- CVE-1999-1435Jul 10, 1998risk 0.00cvss —epss 0.00
Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables.
- CVE-1999-0010Apr 8, 1998risk 0.00cvss —epss 0.02
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
- CVE-1999-0024Aug 13, 1997risk 0.00cvss —epss 0.05
DNS cache poisoning via BIND, by predictable query IDs.
- CVE-1999-0868Feb 20, 1997risk 0.00cvss —epss 0.01
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
- CVE-1999-0048Jan 27, 1997risk 0.00cvss —epss 0.03
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
- CVE-1999-0138Jun 26, 1996risk 0.00cvss —epss 0.01
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
- CVE-1999-0078Apr 18, 1996risk 0.00cvss —epss 0.01
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Page 3 of 3