CVE-2019-20027
CRITICALNEC SV8100/SV9100/SL1100/SL2100 Firmware >=7.0 - Unauthenticated Authentication Bypass via Blank Credentials
Title source: llmDescription
Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://shadytel.su/files/nec_cve.txt
Scores
CVSS v3
9.8
EPSS
0.0137
EPSS Percentile
68.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (4)
nec/sl1100_firmware
7.0
nec/sl2100_firmware
7.0
nec/sv8100_firmware
7.0
nec/sv9100_firmware
7.0
Published
Jul 29, 2020
Tracked Since
Feb 18, 2026