216.73.217.176

CVE-2025-14577

· Published 24/02/2026 14:16 · Modified 24/02/2026 21:52

Labels: CVE-2025-14577 2026-02-24CVE-2025-14577CWE-306[email protected]

Essential information

Published
24/02/2026 14:16
Modified
24/02/2026 21:52
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican NCP) and 6.61.0010 (Slican IPL/IPM/IPU).

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
slican / ncp cpe:2.3:a:slican:ncp:1.24.0190:*:*:*:*:*:*:*
slican / ipl cpe:2.3:a:slican:ipl:6.61.0010:*:*:*:*:*:*:*
slican / ipm cpe:2.3:a:slican:ipm:6.61.0010:*:*:*:*:*:*:*
slican / ipu cpe:2.3:a:slican:ipu:6.61.0010:*:*:*:*:*:*:*

References