Full title: NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download Vulnerability 
Category: web applications
Platform: multiple
NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file 'config.gz' or 'config.pcpx' that contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if previously generated by a privileged user.

# 0day.today @ http://0day.today/