4 matches found
EUVD-2026-32278
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...
CVE-2026-35087
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
CVE-2026-35090
CVE-2026-35090 describes an authentication bypass in Slican telephone exchanges, allowing an unauthenticated attacker to remotely manage the control panel by dialing a specific caller ID. The issue enables bypass of admin authentication and full access to the service protocol and configuration pa...
CVE-2013-10050 D-Link Devices tools_vct.xgi Authenticated RCE
An OS command injection vulnerability exists in multiple D-Link routers confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13 via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...