First published: Wed Jul 29 2020(Updated: )
On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nec Sv8100 Firmware | ||
Nec Sv8100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-20033 is a vulnerability found in Aspire-derived NEC PBXes, including all versions of SV8100 devices. Static login credentials can be used to access the DIM interface.
The severity of CVE-2019-20033 is critical with a CVSS score of 9.8.
To fix CVE-2019-20033, it is recommended to update the firmware on Aspire-derived NEC PBXes, specifically the SV8100 devices.
The NEC SV8100 firmware in all versions is affected by CVE-2019-20033.
No, NEC SV8100 devices are not vulnerable to CVE-2019-20033.
Yes, the vulnerability allows the use of documented static login credentials to access the DIM interface on Aspire-derived NEC PBXes, including all versions of SV8100 devices.
The CWE of CVE-2019-20033 is CWE-287.
Yes, you can find more information about CVE-2019-20033 at the following reference: https://shadytel.su/files/nec_cve.txt