Category: EXPLOIT

exploit 0day security

NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download

NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file ‘config.gz’ or ‘config.pcpx’ that contains the unencrypted data file ‘conf.pcpn’, can be downloaded by an attacker from the root directory if previously generated by a privileged user. Source: NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download