CVE-2019-20029

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...

CVE-2019-20029

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...

CVE-2019-20033

On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface...

CVE-2019-20027

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account...

Design/Logic Flaw

An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem...

Default credentials

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account...

CVE-2019-20033

On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface...

CVE-2019-20033

Affected hardware/software : Aspire-derived NEC PBXes, including all versions of SV8100 devices. Vulnerability : A set of documented, static login credentials may be used to access the DIM interface. Root cause / scope : Credentials are static and documented for DIM access. Impact : Potential una...

CVE-2019-20032

An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem...

CVE-2019-20032

CVE-2019-20032 affects Aspire-derived NEC PBXes (SV8100, SV9100, SL1100, SL2100). A local attacker who has access to an InMail voicemail box with the find me/follow me feature can reach the system’s administration modem. The case describes no details on the root cause beyond the feature interplay...

CVE-2019-20029

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...

CVE-2019-20028

CVE-2019-20028 affects NEC PBXes running InMail (all SV8100/SV9100/SL1100/SL2100 variants) where the WebPro administration interface allows unauthenticated read-only access to voicemails, greetings, and voice response system content. The root cause is an unauthenticated exposure via WebPro; impac...

NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download Vulnerability

NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file 'config.gz' or 'config.pcpx' that contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if...

NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download

NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download Vendor: NEC Corporation Product web page: http://www.nec.com Affected version: WebPro =10.00 DSP Firmware Version: 12.11.00.02 Summary: NEC's UNIVERGEAr SV9100 is the unified communications UC solution of choice for small and...

NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download

Summary NEC's UNIVERGE® SV9100 is the unified communications UC solution of choice for small and medium businesses SMBs who don't want to be left behind. Designed to fit your unique needs, the UNIVERGE SV9100 platform is a powerful communications solution that provides SMBs with the efficient,...