We keep this list of security information for the products icom Connectivity Suite, icom Router Management and all routers with the operating system icom OS up to date.
Subscribe to security alerts
Receive all security-related information about our products. Register now for our security newsletter. We will notify you by email as soon as new security advisories are published.
Learn more
Would you like to learn more about IT security at INSYS icom? You can find more information on the topic here
Report a vulnerability
You would like to inform us about a security note or have questions about IT security at INSYS icom? Please send an e-mail to security@insys-icom.com or use our secure online form.
| Title | Severity level | CVE ID | Products concerned | Release date | Download | Solution |
|---|---|---|---|---|---|---|
| Multiple Linux Kernel vulnerabilities | High | CVE-2026-31668, CVE-2026-43038, CVE-2026-43284, CVE-2026-43037, CVE-2026-31685, CVE-2026-31682, CVE-2026-43500 | icomOS <= 9.4 | 2026-05-12 | PDF version | icomOS 9.5 |
| Copy Fail / Linux Kernel Local Privilege Escalation | Informational | CVE-2026-31431 | No products affected | 2026-05-06 | PDF version | - |
| Stack buffer overflow in CMS AuthEnvelopedData parsing | High | CVE-2025-15467 | icom OS >= 9.0 | 2026-02-06 | PDF version | icomOS 9.4 |
| Multiple CVEs in OpenSSL library | Low | CVE-2025-11187, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420 | icom OS >= 9.0 | 2026-02-06 | PDF version | icomOS 9.4 |
| Multiple Vulnerabilities in OpenSSL library | Low | CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-69419, CVE-2025-69420 , CVE-2025-69421 , CVE-2026-22795, CVE-2026-22796 | icom Connectivity Suite (iCS) | 2026-02-06 | PDF version | |
| Multiple Vulnerabilities in OpenSSL library | Not affected | CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-69419, CVE-2025-69420 , CVE-2025-69421 , CVE-2026-22795, CVE-2026-22796 | icom Router Management (iRM) | 2026-02-06 | Not affected | |
| Improper validation of source IP addresses in OpenVPN | High | CVE-2025-13086 | icom OS >= 7.0 | 2026-02-06 | PDF version | icomOS 9.4 |
| Improper validation of source IP addresses in OpenVPN | Not affected | CVE-2025-13086 | icom Connectivity Suite (iCS), icom Router Management (iRM) | 2026-02-06 | Not affected | |
| Privilege Escalation Vulnerability in Dropbear SSH Server | High | CVE-2025-14282 | No product affected | 2025-12-16 | PDF version | |
| React Server Remote Code Execution Vulnerability (React2Shell) | Critical | CVE-2025-55182 | No product affected | 2025-12-15 | PDF version | |
| Status User role exceeds intended permissions | Medium | icom OS 8.8 | 2025-06-14 | PDF version | icom OS 8.9 | |
| CVE-2024-50302 – Linux Kernel Vulnerability | Low | CVE-2024-50302 | icom OS | 2025-03-06 | PDF version | icom OS 8.5 |
| Low-Risk Vulnerability in Router Configuration when Firewall allows all Incoming Traffic | Low (no CVE score available) | icom OS | 2025-02-26 | PDF version | icom OS 8.8 | |
| Missing 2FA Validation on New UI Endpoints | High (CVSS v3 Base Score: 8.1) | icom Connectivity Suite | 2025-01-16 | PDF version | fixed | |
| Input Validation Flaw in icomOS Firewall and Port Rules Handling | Medium | All icom OS versions | 2024-11-27 | PDF version | Solution: icom OS 8.4 | |
| OpenVPN | Critical | CVE-2023-46850 | icom OS 7.0 - 7.9 | 2024-10-10 | PDF version | icom OS 8.0 |
| OpenVPN | High | CVE-2023-46849 | icom OS 7.0 - 7.9 | 2024-10-10 | PDF version | icom OS 8.0 |
| OpenSSH | Informational | CVE-2024-6387 | none | 2024-07-17 | PDF version | |
| XZ Utils Backdoor | Informational | CVE-2024-3094 | none | 2024-04-08 | PDF version | |
| OpenSSH Terrapin Attack | Medium | CVE-2023-48795 | icom OS 5.2 or higher | 2024-01-11 | PDF version | icom OS V7.9 |
| Open tcp port 8888 | informational | icom OS 5.5 or higher | 2023-03-20 | PDF version | icom OS V6.10 | |
| OpenSSL 3.0 | informational | CVE-2022-3602 CVE-2022-3786 | none | 2022-11-02 | PDF version | |
| Log4j | informational | CVE-2021-44228 | none | 2021-12-13 | PDF version | |
| Multiple vulnerabilities in cURL and openSSL | High | cURL CVE-2020-8286 CVE-2020-8285 CVE-2020-8284 CVE-2020-8231 CVE-2020-8177 CVE-2020-8169 openSSL CVE-2020-1967 CVE-2020-1971 | icom OS 4.4 or lower | 2021-02-03 | PDF version | icom OS V4.5 |
| dnsmasq multiple vulnerabilities | High | CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25687 | icom OS 4.4 or lower | 2021-02-02 | PDF version | icom OS V4.5 |
| Amnesia:33 | Informational | none | 2020-09-28 | PDF version | ||
| Ripple20 | Informational | none | 2020-06-24 | PDF version | ||
| pppd buffer overflow | Critical | CVE-2020-8597 | icom OS 4.1 or lower | 2020-05-30 | PDF version | icom OS V4.2 or greater |
Contact form for security notes
You would like to inform us about a security note or have questions about IT security at INSYS icom?
Please use our secure online form.