ByteOS Network

slican

Source -

NVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-14577

Assigner-CERT.PL

View Details

Assigner-CERT.PL

CVSS Score-9.3||CRITICAL

EPSS-0.13% / 32.17%

7 Day CHG~0.00%

Published-24 Feb, 2026 | 13:21

Updated-02 Mar, 2026 | 14:10

PHP Function Injection in Slican NPC/IPL/IPM/IPU

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican NCP) and 6.61.0010 (Slican IPL/IPM/IPU).

Vendor-slican Slican

Product-ipm-032.wm ipm-032.2u ipu-14_firmware ncp_server_cm300p.1bc ipu-14.105.wm ipl-256_firmware ipl-256.3u ncp_server_cm600p.1bc ipl-256.wm ncp_firmware ncp_server_cm400p.1bc ipu-14.103.wm ipm-032_firmware ipu-14.105.1u ncp_server_cm300p IPL NCP IPM IPU

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2021-45813

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.24% / 47.67%

7 Day CHG~0.00%

Published-28 Dec, 2021 | 14:42

Updated-04 Aug, 2024 | 04:54

SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft.

Vendor-slican n/a

Product-webcti n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')