NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download
Posted by deepcore on January 24, 2018 – 9:29 am
NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file ‘config.gz’ or ‘config.pcpx’ that contains the unencrypted data file ‘conf.pcpn’, can be downloaded by an attacker from the root directory if previously generated by a privileged user.
Post a reply
You must be logged in to post a comment.