Slican
Products
11- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35090 | Cri | 0.60 | — | 0.01 | May 27, 2026 | In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and… | ||
| CVE-2026-35087 | Cri | 0.60 | — | 0.01 | May 27, 2026 | Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 -… | ||
| CVE-2026-35089 | Hig | 0.57 | — | 0.01 | May 27, 2026 | In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in… | ||
| CVE-2025-14577 | 0.00 | — | 0.00 | Feb 24, 2026 | Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican… | |||
| CVE-2021-45813 | 0.00 | — | 0.01 | Dec 28, 2021 | SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft. |
- risk 0.60cvss —epss 0.01
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and…
- risk 0.60cvss —epss 0.01
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 -…
- risk 0.57cvss —epss 0.01
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in…
- CVE-2025-14577Feb 24, 2026risk 0.00cvss —epss 0.00
Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican…
- CVE-2021-45813Dec 28, 2021risk 0.00cvss —epss 0.01
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft.