PT-2018-10799 · Nec · Nec Univerge Sv9100 Webpro

Hyp3Rlinx

Published

2018-12-26

Updated

2021-09-13

CVE-2018-11742

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NEC Univerge Sv9100 WebPro version 6.00.00

Description The issue concerns cleartext password storage in the Web UI. This means that passwords are stored in a plaintext format, which can be easily accessed by unauthorized parties.

Recommendations For NEC Univerge Sv9100 WebPro version 6.00.00, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-11742

Affected Products

Nec Univerge Sv9100 Webpro

PT-2018-10799 · Nec · Nec Univerge Sv9100 Webpro

CVE-2018-11742

Weakness Enumeration

Related Identifiers

Affected Products

References · 7