Critical Command Injection Vulnerability in NEC UNIVERGE IX Devices
NEC Corporation UNIVERGE IX devices have a Command Injection vulnerability. This affects versions from Ver9.2 to Ver10.10.21, Ver10.8 up to Ver10.8.27, Ver10.9 up to Ver10.9.14, and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier. An attacker can inject any CLI commands and run them on the device through the management interface.