Description
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.necplatforms.co.jp/en/press/security_adv.html
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN38784555/index.html
Scores
CVSS v3
7.5
EPSS
0.0116
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-287
Status
published
Products (2)
nec/univerge_sv8500_firmware
s6 - s8
nec/univerge_sv9500_firmware
v1 - v7
Published
Jan 13, 2021
Tracked Since
Feb 18, 2026