Arif Jatmiko

**Name of the Vulnerable Software and Affected Versions** Verso NetPerformer FRAD ACT SDM-95xx versions 7.xx (R1) and earlier Verso NetPerformer FRAD ACT SDM-93xx versions 10.x.x (R2) and earlier Verso NetPerformer FRAD ACT SDM-92xx versions 9.x.x (R1) and earlier **Description** A buffer overflow issue exists in the telnet service, allowing remote attackers to potentially cause a denial of service, resulting in a reboot, and possibly execute arbitrary code by providing a long `username`. **Recommendations** For SDM-95xx versions 7.xx (R1) and earlier, consider disabling the telnet service until a fix is available. For SDM-93xx versions 10.x.x (R2) and earlier, restrict access to the telnet service to minimize the risk of exploitation. For SDM-92xx versions 9.x.x (R1) and earlier, avoid using long usernames in the telnet service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Verso NetPerformer FRAD ACT SDM-95xx versions 7.xx (R1) and earlier Verso NetPerformer FRAD ACT SDM-93xx versions 10.x.x (R2) and earlier Verso NetPerformer FRAD ACT SDM-92xx versions 9.x.x (R1) and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in the device hanging or rebooting, via an ICMP packet with the same destination and source address and port. **Recommendations** For Verso NetPerformer FRAD ACT SDM-95xx versions 7.xx (R1) and earlier, update to a version later than 7.xx (R1) to resolve the issue. For Verso NetPerformer FRAD ACT SDM-93xx versions 10.x.x (R2) and earlier, update to a version later than 10.x.x (R2) to resolve the issue. For Verso NetPerformer FRAD ACT SDM-92xx versions 9.x.x (R1) and earlier, update to a version later than 9.x.x (R1) to resolve the issue. As a temporary workaround, consider restricting ICMP packet traffic to minimize the risk of exploitation.