PT-2020-10319 · Nec · Sv9100
Published
2020-07-29
·
Updated
2021-07-21
·
CVE-2019-20026
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
NEC SV9100 versions 7.0 and higher
Description
The issue allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request to the WebPro interface.
Recommendations
For versions 7.0 and higher, consider restricting access to the WebPro interface until a fix is available. As a temporary workaround, monitor the system for unauthorized password resets and username changes.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sv9100