VYPR

Vendor CVEs

NEC

All CVEs

142 total · sorted by risk
  • CVE-2018-0637Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.

  • CVE-2018-0636Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.

  • CVE-2018-0635Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.

  • CVE-2018-0629Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.

  • CVE-2018-0640Jan 9, 2019
    risk 0.00cvss epss 0.02

    Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.

  • CVE-2018-16192Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.

  • CVE-2018-0627Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.

  • CVE-2018-16195Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.

  • CVE-2018-0639Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.

  • CVE-2018-0631Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.

  • CVE-2018-0641Jan 9, 2019
    risk 0.00cvss epss 0.02

    Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.

  • CVE-2018-16193Jan 9, 2019
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-0632Jan 9, 2019
    risk 0.00cvss epss 0.02

    Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response.

  • CVE-2018-0630Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.

  • CVE-2018-16194Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2018-0626Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.

  • CVE-2018-0638Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.

  • CVE-2018-0633Jan 9, 2019
    risk 0.00cvss epss 0.02

    Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter.

  • CVE-2018-0625Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.

  • CVE-2018-0634Jan 9, 2019
    risk 0.00cvss epss 0.01

    Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.

  • CVE-2013-7314Jan 23, 2014
    risk 0.00cvss epss 0.02

    The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a…

  • CVE-2013-0717Mar 19, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for…

  • CVE-2013-0706Feb 22, 2013
    risk 0.00cvss epss 0.02

    NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors.

  • CVE-2012-2640Jul 5, 2012
    risk 0.00cvss epss 0.01

    The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission.

  • CVE-2011-1323May 9, 2011
    risk 0.00cvss epss 0.02

    Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted…

  • CVE-2010-1943May 19, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015.

  • CVE-2010-1941May 19, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or…

  • CVE-2008-0378Jan 22, 2008
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.

  • CVE-2007-5557Oct 18, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known…

  • CVE-2006-6946Jan 23, 2007
    risk 0.00cvss epss 0.01

    The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.

  • CVE-2006-6947Jan 23, 2007
    risk 0.00cvss epss 0.01

    The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.

  • CVE-2005-4465Dec 22, 2005
    risk 0.00cvss epss 0.03

    The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.…

  • CVE-2002-2367Dec 31, 2002
    risk 0.00cvss epss 0.05

    Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.

  • CVE-2002-0666Nov 4, 2002
    risk 0.00cvss epss 0.02

    IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in…

  • CVE-2000-1183Jan 9, 2001
    risk 0.00cvss epss 0.01

    Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.

  • CVE-1999-1435Jul 10, 1998
    risk 0.00cvss epss 0.00

    Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables.

  • CVE-1999-0010Apr 8, 1998
    risk 0.00cvss epss 0.02

    Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

  • CVE-1999-0024Aug 13, 1997
    risk 0.00cvss epss 0.05

    DNS cache poisoning via BIND, by predictable query IDs.

  • CVE-1999-0868Feb 20, 1997
    risk 0.00cvss epss 0.01

    ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

  • CVE-1999-0048Jan 27, 1997
    risk 0.00cvss epss 0.03

    Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.

  • CVE-1999-0138Jun 26, 1996
    risk 0.00cvss epss 0.01

    The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

  • CVE-1999-0078Apr 18, 1996
    risk 0.00cvss epss 0.01

    pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Page 3 of 3