Description
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.


This issue was fixed in the following versions:
- NCP: version 1.24.0250
- IPx series: version 6.61.0040
- CCT-1668: version 6.56.0430
- MAC-6400: version 6.56.0430
- CXS-0424: version 6.30.0510

The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:
- CCT-1668 (CCT1CPU)
- MAC-6400
- CXS-0424
These products were discontinued in 2011 and 2012 and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact their service department directly to determine the options for upgrading.
Published: 2026-05-27
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Slican telephone exchanges implement an administrative protocol that requires authentication. The vulnerability allows an attacker to bypass this requirement by executing a specific command, effectively removing the need for credentials. The weakness is classified as CWE-288 and enables attackers to obtain full administrative control of the device, which can be used to alter configuration, deploy malware, or gain persistent access.

Affected Systems

Affected products include Slican CCT-1668, CXS-0424, IPx, MAC-6400, and NCP. The vulnerability has been fixed in firmware NCP 1.24.0250 and later, IPx series 6.61.0040 and later, CCT-1668 6.56.0430 and later, MAC-6400 6.56.0430 and later, and CXS-0424 6.30.0510 and later. End-of-life variants in versions 4.xx and earlier of CCT-1668 (CCT1CPU), MAC-6400, and CXS-0424 remain vulnerable and will not receive updates without a hardware upgrade. Users of these devices should contact the service department for upgrade options.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity. The EPSS score is unavailable, and the lack of a KEV listing suggests that publicly known exploits are not confirmed. The likely attack vector is remote access to the administrative protocol: an attacker with network connectivity can send the bypass command without authenticating. Once the bypass succeeds, the attacker gains full control of the device, potentially compromising the entire telephone network.

Generated by OpenCVE AI on May 27, 2026 at 16:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to a version newer than the fixed releases listed above
  • If the device cannot be upgraded, contact the vendor service department to evaluate upgrade options or hardware replacement
  • Restrict network access to the administrative protocol to trusted users only by configuring firewall rules or VLAN segmentation

Advisories

No advisories yet.

History

Wed, 27 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in the following versions: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version 6.56.0430 - MAC-6400: version 6.56.0430 - CXS-0424: version 6.30.0510 The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below: - CCT-1668 (CCT1CPU) - MAC-6400 - CXS-0424 These products were discontinued in 2011 and 2012 and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact their service department directly to determine the options for upgrading.
Title Authentication Bypass in Slican telephone exchanges
Weaknesses CWE-288
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-05-27T15:39:44.033Z

Reserved: 2026-04-01T11:23:16.117Z

Link: CVE-2026-35087

Vulnrichment

Updated: 2026-05-27T15:39:35.293Z

NVD

Status: Received

Published: 2026-05-27T14:16:44.710

Modified: 2026-05-27T14:16:44.710

Link: CVE-2026-35087

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T16:30:36Z

Weaknesses