Vulnerability in Slican Cct-1668

CVE-2026-35087

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24…

EPSS: 0.001 (24.9th percentile) — read the EPSS interpretation.

Affected products

Slican Cct-1668 — versions 0
Slican Cxs-0424 — versions 0
Slican Ipx — versions 0
Slican Mac-6400 — versions 0
Slican Ncp — versions 0

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

cvd@cert.pl (third-party-advisory)