VYPR
Vendor

Slican

Products
11
CVEs
5
Across products
17
Status
Private

Products

11

Recent CVEs

5
  • CVE-2026-35090CriMay 27, 2026
    risk 0.60cvss epss 0.01

    In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and…

  • CVE-2026-35087CriMay 27, 2026
    risk 0.60cvss epss 0.01

    Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 -…

  • CVE-2026-35089HigMay 27, 2026
    risk 0.57cvss epss 0.01

    In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in…

  • CVE-2025-14577Feb 24, 2026
    risk 0.00cvss epss 0.00

    Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican…

  • CVE-2021-45813Dec 28, 2021
    risk 0.00cvss epss 0.01

    SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft.