Vulnerability CVE-2018-11742

Vulnerability CVE-2018-11742

Published: 2018-12-26

Description:

	Topic	Author	Date
Med.	NEC Univerge Sv9100 WebPro - 6.00 / Predictable Session ID / Clear Text Password Storage	hyp3rlinx	09.12.2018

Type:

(Credentials Management)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Affected software
Necom -> Univerge sv9100 webpro firmware

http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt

http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html

http://seclists.org/fulldisclosure/2018/Dec/1

https://www.exploit-db.com/exploits/45942/