This website uses cookies to analyze website traffic, improve website performance and display advertisements. To learn how to opt out of these cookies, click here. By continuing to use this website, you are consenting to the use of these cookies.
March Networks is committed to ensuring the security and reliability of all of our products. We strive to proactively address security threats as they are reported by the U.S Computer Emergency Readiness Team (US-CERT). When we learn of potential vulnerabilities, our team conducts immediate, in-depth investigations across our product lines. If appropriate and required, we take immediate action to prepare software/firmware updates, and to alert you to the availability of these updates.
Security Advisories
Previous security updates impacting March Networks products are listed below, along with the corresponding software versions in which the vulnerability was addressed. Software updates are posted on our partner portal, and can also be found on our Software Downloads page.
If you don’t have access to our partner portal, contact your March Networks certified solution provider for assistance.
Note on Apache Struts vulnerabilities
March Networks does not use the Apache Struts framework in its products.
March Networks does not use the Apache Struts framework in its products.
| CVE | Advisory Summary | Products | Addressed in Release | Severity |
|---|---|---|---|---|
| CVE-2018-10933 | Libssh Authentication Bypass | None | No Impact to March Networks products | N/A |
| CVE-2018-1150 | NUUO's NVRMini2 3.8.0 | None | No Impact to March Networks products | N/A |
| CVE-2018-1149 | cgi_system in NUUO's NVRMini2 3.8.0 | None | No Impact to March Networks products | N/A |
| CVE-2017-5754 | Rogue data cache load (Meltdown) | 6000,8000,9000, GT, MT Series Recorders; Edge 4 & Edge 16 Encoders; ME4 Series & Edge OS 2 Devices |
Not Necessary at this time | Low |
| CVE-2017-5754 | Rogue data cache load (Meltdown) | Command, Searchlight, Visual Intelligence (R5) |
Microsoft Security Patches only | Medium |
| CVE-2017-5753 | Bounds check bypass | 6000,8000,9000, GT, MT Series Recorders; Edge 4 & Edge 16 Encoders; ME4 Series & Edge OS 2 Devices |
Not Necessary at this time | Low |
| CVE-2017-5753 | Bounds check bypass | Command, Searchlight, Visual Intelligence (R5) |
Microsoft Security Patches only | Medium |
| CVE-2017-5715 | Branch target injection (Spectre) | 6000,8000,9000, GT, MT Series Recorders; Edge 4 & Edge 16 Encoders; ME4 Series & Edge OS 2 Devices |
Not Necessary at this time | Low |
| CVE-2017-5715 | Branch target injection (Spectre) | Command, Searchlight, Visual Intelligence (R5) |
Microsoft Security Patches only | Medium |
| CVE-2017-9765 | gSOAP | Various March Networks Edge Devices | Refer to chart | Medium |
| CVE-2017-5638 | Apache Struts Jakarta Multipart Parser | None | No Impact to March Networks products | N/A |
| CVE-2016-0800 | Cross-protocol attack on TLS using SSLv2 (DROWN) | All | No Impact to March Networks products | N/A |
| CVE-2015-1798 CVE-2015-1799 |
NTP MiM/DOS attacks | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.10 | Medium |
| N/A | SSL Certificate Chain Contains RSA Keys Less Than 2048 bits | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.10 | Medium |
| CVE-2015-2808 | SSL RC4 Cipher Suites Supported | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.10 | Medium |
| N/A | Linux/Moose | N/A | No Impact to March Networks products | Medium |
| CVE-2015-4000 | Logjam Attack | N/A | No Impact to March Networks products | Medium |
| CVE-2015-0247 | e2fsprogs | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.9 SP1 | Medium |
| CVE-2015-0235 | Ghost | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.9 SP1 | Medium |
| CVE-2015-0235 | Ghost | Visual Intelligence (R5) 3000 Series |
5.5.1 SP18 | Medium |
| CVE-2015-0293 and others |
OpenSSL 0.9.8zf | Visual Intelligence (R5) 3000 Series |
5.5.1 SP18 | High |
| N/A | OpenSSL | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.9 | Low |
| N/A | NTP Utilities | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.9 | Low |
| N/A | Open SSH | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.9 | Low |
| CVE-2015-0204 | FREAK SSL/TLS Vulnerability | All | No Impact to March Networks products | N/A |
| CVE-2015-0204 | FREAK SSL/TLS Vulnerability | Edge devices running Edge OS | 1.10.6 | Medium |
| CVE-2015-0235 | Linux “Ghost” Remote Code Execution | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.9 | Low |
| CVE-2015-0160 | Heartbeat Extension Packets | Edge devices running Edge OS | 1.10.4 | Medium |
| CVE-2014-2609 | Oracle GlassFish Server Multiple Vulnerabilities | Command | 1.8.0 | Medium |
| CVE-2014-0224 | OpenSSL 'ChangeCipherSpec' MiTM Vulnerability | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.5 - SP1 5.7.7 |
High |
| CVE-2014-0224 | OpenSSL 'ChangeCipherSpec' MiTM Vulnerability | Visual Intelligence (R5) 3204 |
5.5.1 - SP17 | High |
| CVE-2014-0224 | OpenSSL 'ChangeCipherSpec' MiTM Vulnerability | Command | 1.8.0 | High |
| CVE-2014-3566 | SSL protocol 3.0 | Edge devices running Edge OS | 1.10.6 | Medium |
| CVE-2014-0224 | OpenSSL 'ChangeCipherSpec' MiTM Vulnerability | Edge devices running Edge OS | 1.10.6 | Medium |
| CVE-2013-5211 | NTP MONLIST vulnerability | Visual Intelligence (R5) 8000 4000 (Gen 4) |
5.7.2 - SP2 5.7.3 - SP4 5.7.4 - SP3 5.7.8 - SP1 |
High |
| CVE-2013-5211 | NTP MONLIST vulnerability | 5000 Series | 4.9.1 - R4 DVRs | High |
| CVE-2012-0920 | Dropbear SSH server vulnerability | Edge devices running Edge OS | 1.10.5 | Medium |
Get the latest news and information on our IP video products with March Networks News. Subscribe now