In the SureLine application software used on Sunhillo communication appliances, v8.7.0 and older, a vulnerability was discovered that allows unauthenticated operating system (OS) command injection making it possible for an attacker to execute arbitrary commands with root privileges using the browser interface. This vulnerability has been disclosed under CVE-2021-36380.
The Ventnor supports an optional COM Express computer module internal to the unit. The circuitry to detect the optional COM Express computer module can intermittently indicate that the module is present when it is not. When this occurs, in addition to Eth0 and Eth1, an Eth2 interface will be available under the SureLine web-based GUI or STUI Network Configuration menu selection. The user can then attempt to configure Eth2 which, in some cases, could lead to erroneous network behavior or prevent access to the unit altogether. Ventnor systems with the optional COM Express computer module installed are not affected by this issue.
Using the latest Firefox or Chrome browsers to interface with Sunhillo products through the web-based user interface may cause erroneous behaviour including the display of error: “Signal 11 last debug line 0 aborting”.
