In the SureLine application software used on Sunhillo communication appliances, v8.7.0 and older, a vulnerability was discovered that allows unauthenticated operating system (OS) command injection making it possible for an attacker to execute arbitrary commands with root privileges using the browser interface. This vulnerability has been disclosed under CVE-2021-36380.
The Ventnor supports an optional COM Express computer module internal to the unit. The circuitry to detect the optional COM Express computer module can intermittently indicate that the module is present when it is not. When this occurs, in addition to Eth0 and Eth1, an Eth2 interface will be available under the SureLine web-based GUI or STUI Network Configuration menu selection. The user can then attempt to configure Eth2 which, in some cases, could lead to erroneous network behavior or prevent access to the unit altogether. Ventnor systems with the optional COM Express computer module installed are not affected by this issue.
Please contact firstname.lastname@example.org for any additional questions
Please click the button for Sunhillo’s latest FAQ:
RMA Return Form
An RMA number is required prior to returning any equipment to Sunhillo. Please fill out the form to request an RMA.