Breadcrumb navigation

Security Advisories

Small and Midsize Business

Possibility to reboot the remote system with specially crafted command

Product : SV9100/SL2100
Description :An attacker may cause system down and reboot of the products by sending a specially crafted command.
LAST UPDATED :March 22, 2021
Revision :1.0
CVE :CVE-2021-20677

Regarding some vulnerability which include possible to access the system settings from unauthenticated user

Product :SV9100/SL2100/SV8100/SL1100/SL1000
Description :This notice relates to 9 security vulnerabilities (designated CVE-2019-20025 to CVE-2019- 20033) which have been found in the UNIVERGE communication Products for SMB platform.
LAST UPDATED :August 31 2020
Revision :2.0
CVE : CVE-2019-20025, CVE-2019-20026, CVE-2019-20027, CVE-2019-20028, CVE-2019-20029,
          CVE-2019-20030, CVE-2019-20031, CVE-2019-20032, CVE-2019-20033

Enterprise

Possibility to access the remote system maintenance feature and execute arbitrary OS commands

Product : SV8500/SV9500
Description : UNIVERGE SV8500/SV9500 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL and then execute arbitrary OS commands or cause a denial-of-service (DoS) condition.
LAST UPDATED :January 27, 2021
Revision :2.0
CVE :CVE-2020-5685, CVE-2020-5686

Ripple 20, a series of vulnerabilities found in TCP/IP software library

Product : NEAX 2000IPS, UNIVERGE SV8300/SV9300
Description : The TCP/IP stack used in NEAX 2000IPS and UNIVERGE SV9300/SV9300 has a series of vulnerabilities discovered by JSOF research lab. It is named as Ripple 20.
LAST UPDATED :October 21, 2020
Revision :1.0
CVE :CVE-2020-11901, CVE-2020-11912

Endpoints

Possibility to access the system settings from unauthenticated user

Product : UNIVERGE DT900/DT900S Series
Description : UNIVERGE DT900/DT900S Series allow an attacker to access the system settings from unauthenticated user.
LAST UPDATED : May 7, 2024
Revision : 1.0
CVE : CVE-2024-3016

Possibility to execute arbitrary OS commands

Product : UNIVERGE DT900/DT900S Series
Description : UNIVERGE DT900/DT900S Series allow an attacker to execute arbitrary OS commands.
LAST UPDATED : November 29, 2023
Revision : 1.0
CVE : CVE-2023-3741

Possibility to eavesdrop on network packets of DT900/DT800 Series

Product : UNIVERGE DT900/DT800 Series
Description : An attacker may eavesdrops and analyses network packets between DT900/DT800 Series and PC tools on intranet network.
LAST UPDATED : December 17, 2021
Revision : 1.0
CVE : CVE-2021-44746