What is GHSA-74x7-73gr-c646?

GHSA-74x7-73gr-c646 is a security advisory published by GitHub Security Advisories with Critical severity. Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can...

Which CVE IDs does GHSA-74x7-73gr-c646 cover?

GHSA-74x7-73gr-c646 covers the following CVE IDs: CVE-2026-35087. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-74x7-73gr-c646Critical

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-35087 →

📋 Description

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.

This issue was fixed in versions below:

NCP: version 1.24.0250
IPx series: version 6.61.0040
CCT-1668: version 6.56.0430
MAC-6400: version 6.56.0430
CXS-0424: version 6.30.0510

The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:

CCT-1668 (CCT1CPU)
MAC-6400 - CXS-0424 These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (3)