iSTAR Ultra
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53695 | Cri | 0.61 | — | 0.02 | Jul 28, 2025 | OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware. | ||
| CVE-2025-53696 | Cri | 0.60 | — | 0.00 | Jul 28, 2025 | iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected. | ||
| CVE-2017-17704 | Hig | 0.48 | 7.4 | 0.00 | Dec 31, 2017 | A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is… | ||
| CVE-2022-21941 | 0.02 | — | 0.20 | Aug 31, 2022 | All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | |||
| CVE-2023-3127 | 0.00 | — | 0.00 | Jul 11, 2023 | An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. |
- risk 0.61cvss —epss 0.02
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
- risk 0.60cvss —epss 0.00
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.
- risk 0.48cvss 7.4epss 0.00
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is…
- CVE-2022-21941Aug 31, 2022risk 0.02cvss —epss 0.20
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.
- CVE-2023-3127Jul 11, 2023risk 0.00cvss —epss 0.00
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.