This is the top of the page.
Displaying present location in the site.
  1. Home
  2. Products
  3. Security Advisories
Main content starts here.

Security Advisories

Small and Midsize Business

Possibility to reboot the remote system with specially crafted command

Product : SV9100/SL2100
Description :An attacker may cause system down and reboot of the products by sending a specially crafted command.
LAST UPDATED :March 22, 2021
Revision :1.0
CVE :CVE-2021-20677

Regarding some vulnerability which include possible to access the system settings from unauthenticated user

Product :SV9100/SL2100/SV8100/SL1100/SL1000
Description :This notice relates to 9 security vulnerabilities (designated CVE-2019-20025 to CVE-2019- 20033) which have been found in the UNIVERGE communication Products for SMB platform.
LAST UPDATED :August 31 2020
Revision :2.0
CVE : CVE-2019-20025, CVE-2019-20026, CVE-2019-20027, CVE-2019-20028, CVE-2019-20029,
          CVE-2019-20030, CVE-2019-20031, CVE-2019-20032, CVE-2019-20033


Possibility to access the remote system maintenance feature and execute arbitrary OS commands

Product : SV8500/SV9500
Description : UNIVERGE SV8500/SV9500 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL and then execute arbitrary OS commands or cause a denial-of-service (DoS) condition.
LAST UPDATED :January 27, 2021
Revision :2.0
CVE :CVE-2020-5685, CVE-2020-5686

Ripple 20, a series of vulnerabilities found in TCP/IP software library

Product : NEAX 2000IPS, UNIVERGE SV8300/SV9300
Description : The TCP/IP stack used in NEAX 2000IPS and UNIVERGE SV9300/SV9300 has a series of vulnerabilities discovered by JSOF research lab. It is named as Ripple 20.
LAST UPDATED :October 21, 2020
Revision :1.0
CVE :CVE-2020-11901, CVE-2020-11912


Possibility to eavesdrop on network packets of DT900/DT800 Series

Product : UNIVERGE DT900/DT800 Series
Description : An attacker may eavesdrops and analyses network packets between DT900/DT800 Series and PC tools on intranet network.
LAST UPDATED : December 17, 2021
Revision : 1.0
CVE : CVE-2021-44746

Top of this page