Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sl2100_firmware
(Nec)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-29 | CVE-2019-20028 | Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface. | Sl1100_firmware, Sl2100_firmware, Sv8100_firmware, Sv9100_firmware | 7.5 | ||
| 2020-07-29 | CVE-2019-20029 | An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access. | Sl1100_firmware, Sl2100_firmware, Sv8100_firmware, Sv9100_firmware | 8.8 | ||
| 2020-07-29 | CVE-2019-20027 | Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account. | Sl1100_firmware, Sl2100_firmware, Sv8100_firmware, Sv9100_firmware | N/A | ||
| 2020-07-29 | CVE-2019-20032 | An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem. | Sl1100_firmware, Sl2100_firmware, Sv8100_firmware, Sv9100_firmware | N/A |