{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/199397#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nTunnelling protocols are an essential part of the Internet and form much of the backbone that modern network infrastructure relies on today. One limitation of these protocols is that they do not authenticate and/or encrypt traffic. Though this limitation exists, IPsec can be implemented to help prevent attacks. However, implementation of these protocols have been executed poorly in some areas.\r\n\r\nFor the latest security findings from the researchers at the DistriNet-KU Leuven research group, please refer to: https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf\r\n\r\n### Description\r\nResearchers at the DistriNet-KU Leuven research group have discovered millions of vulnerable Internet systems that accept unauthenticated IPIP, GRE, 4in6, or 6in4 traffic. This can be considered a generalization of the vulnerability in VU#636397 : [IP-in-IP protocol routes arbitrary traffic by default](https://kb.cert.org/vuls/id/636397) (CVE-2020-10136). The exposed systems can be abused as one-way proxies, enable an adversary to spoof the source address of packets (CWE-290 Authentication Bypass by Spoofing), or permit access to an organization's private network. Vulnerable systems can also facilitate Denial-of-Service (DoS) attacks.\r\nTwo types of DoS attacks exploiting this vulnerability can amplify traffic: one concentrates traffic in time (\"Tunneled-Temporal Lensing\"), and the other can loop packets between vulnerable systems, resulting in an amplification factor of at least 13- and 75-fold, respectively. Additionally, the researchers discovered an Economic Denial of Sustainability (EDoS), where the outgoing bandwidth of a vulnerable system is drained, raising the cost of operations if hosted by a third-party cloud service provider.\r\n\r\n### Impact\r\nAn adversary can abuse these security vulnerabilities to create one-way proxies and spoof source IPv4/6 addresses. Vulnerable systems may also allow access to an organization's private network or be abused to perform DDoS attacks.\r\n\r\n### Solution\r\nSee the \"Defences\" section in the researcher's publication https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf\r\n\r\n### Acknowledgements\r\nThanks to the researchers Mathy Vanhoef and Angelos Beitis of the DistriNet-KU Leuven research group for the initial discovery and research. This document was written by Ben Koo.\r\n\r\n**CVE-2024-7595**\r\nGRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet, allowing an attacker to route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.\r\n\r\n**CVE-2024-7596**\r\nProposed Generic UDP Encapsulation (GUE) (IETF draft-ietf-intarea-gue*) does not validate or verify the source of a network packet, allowing an attacker to route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.\r\n\r\n*Note: [GUE Draft](https://datatracker.ietf.org/doc/draft-ietf-intarea-gue/) is expired and no longer canonical.\r\n\r\n**CVE-2025-23018**\r\nThe IPv4-in-IPv6 and IPv6-in-IPv6 protocols (RFC2473) do not require the validation or verification of the source of a network packet, allowing an attacker to route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.\r\n\r\n**CVE-2025-23019**\r\nThe IPv6-in-IPv4 protocol (RFC4213) does not require authentication of incoming packets, allowing an attacker to route traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors.\r\n\r\n\r\n*Note: CVE-2024-7595, CVE-2024-7596, and CVE-2025-23018 are considered similar to CVE-2020-10136 in that they highlight the inherent weakness that these protocols do not validate or verify the source of a network packet. These distinct CVEs are meant to specify the different protocols in question that are vulnerable.*\r\n\r\n*For reference: (CVE-2020-10136) Multiple products that implement the IP Encapsulation within IP (IPIP) standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors.*","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"Fastly does not use GRE, GRE6, IPIP, 6in4, etc.  So, if that list disclosed is complete for the researchers' methodology, Fastly is not impacted.","title":"Vendor statment from Fastly"},{"category":"other","text":"Cisco has tested our core routing platforms. In the default state and with common tunnel configurations they were confirmed not vulnerable, aside from what was already disclosed and fixed in 2020 at the time of the original CVE-2020-10136 report (see https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4).\r\n\r\nThere are a limited set of uncommon tunnel configurations that could make devices decapsulate traffic coming from any source IP, making these issues potentially applicable. As there are situations where this may be desirable and other methods can be implemented to protect from unintentional decapsulation these are configuration in nature rather than vulnerabilities, as the devices would be performing as they are configured to in such cases.","title":"Vendor statment from Cisco"},{"category":"other","text":"D-Link Corporation continues to investigate it's product-line and isn't currently aware of any affected active products.\r\n\r\nWe will continue to be vigilent as the significant scope of these vulnerabilites may require addition patches if we discover or are made aware of an issue with D-Link devices.\r\n\r\nWilliam Brown \r\nD-Link US SIRT\r\nsecurity@us.dlink.com","title":"Vendor statment from D-Link Systems Inc."},{"category":"other","text":"illumos and its distributions only accept IP{v4,v6}-in-IP{v4,v6} if so configured, and except for 6to4 tunnels, only between two IP endpoints.  See the iptun(4D) manual page in illumos for more details, as well as the `forwarding` property in the ipadm(8) man page for each network interface.\r\n\r\nWe will send ICMP unreachable messages (bad protocol) in response by default, but these can be disabled.","title":"Vendor statment from Illumos"},{"category":"other","text":"This issue has been published as a Juniper Security Advisory [JSA100061](https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-for-Insecure-Implementation-of-Tunneling-Protocols-GRE-IPIP-4in6-6in4-VU-199397?language=en_US)","title":"Vendor statment from Juniper Networks"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/199397"},{"url":"https://www.rfc-editor.org/rfc/rfc6169.html","summary":"https://www.rfc-editor.org/rfc/rfc6169.html"},{"url":"https://datatracker.ietf.org/doc/html/rfc2784","summary":"https://datatracker.ietf.org/doc/html/rfc2784"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10136","summary":"https://nvd.nist.gov/vuln/detail/CVE-2020-10136"}],"title":"Insecure Implementation of Tunneling Protocols  (GRE/IPIP/4in6/6in4)","tracking":{"current_release_date":"2025-07-16T15:07:19+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#199397","initial_release_date":"2025-01-17 20:38:31.885128+00:00","revision_history":[{"date":"2025-07-16T15:07:19+00:00","number":"1.20250716150719.7","summary":"Released on 2025-07-16T15:07:19+00:00"}],"status":"final","version":"1.20250716150719.7"}},"vulnerabilities":[{"title":"Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors.","notes":[{"category":"summary","text":"Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors."}],"cve":"CVE-2020-10136","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#199397"}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4","summary":"Marvell's components could be affected by this vulnerability.","category":"external"}],"product_status":{"known_affected":["CSAFPID-cb35c42a-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3888ea-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3b643e-33f8-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-cb361ad8-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb365958-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb36a5ca-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb36ec38-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb374b9c-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3796d8-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb37da26-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb380582-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb383890-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb38cb7a-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb390130-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb394e06-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb398600-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3a3ab4-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3aaaa8-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3af1e8-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3b3360-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3b999a-33f8-11f1-8422-122e2785dc9f"]}},{"title":"Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors.","notes":[{"category":"summary","text":"Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors.\r\n\r\nThis can be considered similar to CVE-2020-10136."}],"cve":"CVE-2024-7596","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#199397"}],"product_status":{"known_affected":["CSAFPID-cb3e1da0-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb417fea-33f8-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-cb3c0ae2-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3c5646-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3c9188-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3d046a-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3d3796-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3d7b2a-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3dbb1c-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3df410-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3e63a0-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3f0d96-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3f54cc-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3f9dc4-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb3fd0aa-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb403e5a-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb40d41e-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb41051a-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb414a7a-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb41dfe4-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb423b42-33f8-11f1-8422-122e2785dc9f"]}},{"title":"The IPv6-in-IPv4 protocol (RFC4213) does not require authentication of incoming packets allowing an attacker to spoof and route traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors.","notes":[{"category":"summary","text":"The IPv6-in-IPv4 protocol (RFC4213) does not require authentication of incoming packets allowing an attacker to spoof and route traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors."}],"cve":"CVE-2025-23019","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#199397"}],"product_status":{"known_not_affected":["CSAFPID-cb43b65c-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb441304-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb445fee-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb44982e-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb44ebc6-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb452a8c-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb45c5b4-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb460ac4-33f8-11f1-8422-122e2785dc9f"]}},{"title":"The IPv4-in-IPv6 and IPv6-in-IPv6 protocols (RFC2473) do not require the validation or verification of the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors.","notes":[{"category":"summary","text":"The IPv4-in-IPv6 and IPv6-in-IPv6 protocols (RFC2473) do not require the validation or verification of the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136."}],"cve":"CVE-2025-23018","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#199397"}],"product_status":{"known_not_affected":["CSAFPID-cb47102c-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb475424-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb479fba-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb47fdd4-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb483de4-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb489186-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb491b42-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb49646c-33f8-11f1-8422-122e2785dc9f"]}},{"title":"GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors.","notes":[{"category":"summary","text":"GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors.\r\n\r\nThis can be considered similar to CVE-2020-10136."}],"cve":"CVE-2024-7595","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#199397"}],"references":[],"product_status":{"known_affected":["CSAFPID-cb4cf870-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4f24e2-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb50dfda-33f8-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-cb49f0e4-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4a3ce8-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4a74ba-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4b1f82-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4b6730-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4bad3a-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4c74c2-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4cad5c-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4d5fcc-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4d962c-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4dcba6-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4e2bdc-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4e7d44-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb4fc442-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb501f14-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb508c42-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb5137b4-33f8-11f1-8422-122e2785dc9f","CSAFPID-cb517170-33f8-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"Cisco","product":{"name":"Cisco Products","product_id":"CSAFPID-cb35c42a-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-cb361ad8-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-cb365958-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Aruba Networks","product":{"name":"Aruba Networks Products","product_id":"CSAFPID-cb36a5ca-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SonicWall","product":{"name":"SonicWall Products","product_id":"CSAFPID-cb36ec38-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Paessler","product":{"name":"Paessler Products","product_id":"CSAFPID-cb374b9c-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ZTE Corporation","product":{"name":"ZTE Corporation Products","product_id":"CSAFPID-cb3796d8-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eero","product":{"name":"eero Products","product_id":"CSAFPID-cb37da26-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"lwIP","product":{"name":"lwIP Products","product_id":"CSAFPID-cb380582-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Deutsche Telekom","product":{"name":"Deutsche Telekom Products","product_id":"CSAFPID-cb383890-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Honeywell","product":{"name":"Honeywell Products","product_id":"CSAFPID-cb3888ea-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-cb38cb7a-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"D-Link Systems Inc.","product":{"name":"D-Link Systems Inc. Products","product_id":"CSAFPID-cb390130-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Medtronic","product":{"name":"Medtronic Products","product_id":"CSAFPID-cb394e06-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-cb398600-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Treck","product":{"name":"Treck Products","product_id":"CSAFPID-cb39bf62-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-cb3a0846-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Juniper Networks","product":{"name":"Juniper Networks Products","product_id":"CSAFPID-cb3a3ab4-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microchip Technology","product":{"name":"Microchip Technology Products","product_id":"CSAFPID-cb3a7538-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LANCOM Systems GmbH","product":{"name":"LANCOM Systems GmbH Products","product_id":"CSAFPID-cb3aaaa8-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NetBSD","product":{"name":"NetBSD Products","product_id":"CSAFPID-cb3af1e8-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Wind River","product":{"name":"Wind River Products","product_id":"CSAFPID-cb3b3360-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Marvell Semiconductor","product":{"name":"Marvell Semiconductor Products","product_id":"CSAFPID-cb3b643e-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-cb3b999a-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-cb3c0ae2-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-cb3c5646-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Aruba Networks","product":{"name":"Aruba Networks Products","product_id":"CSAFPID-cb3c9188-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SonicWall","product":{"name":"SonicWall Products","product_id":"CSAFPID-cb3cc7c0-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Paessler","product":{"name":"Paessler Products","product_id":"CSAFPID-cb3d046a-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ZTE Corporation","product":{"name":"ZTE Corporation Products","product_id":"CSAFPID-cb3d3796-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eero","product":{"name":"eero Products","product_id":"CSAFPID-cb3d7b2a-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"lwIP","product":{"name":"lwIP Products","product_id":"CSAFPID-cb3dbb1c-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Deutsche Telekom","product":{"name":"Deutsche Telekom Products","product_id":"CSAFPID-cb3df410-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Honeywell","product":{"name":"Honeywell Products","product_id":"CSAFPID-cb3e1da0-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-cb3e63a0-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"D-Link Systems Inc.","product":{"name":"D-Link Systems Inc. Products","product_id":"CSAFPID-cb3f0d96-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Medtronic","product":{"name":"Medtronic Products","product_id":"CSAFPID-cb3f54cc-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-cb3f9dc4-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Treck","product":{"name":"Treck Products","product_id":"CSAFPID-cb3fd0aa-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-cb3fffb2-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Juniper Networks","product":{"name":"Juniper Networks Products","product_id":"CSAFPID-cb403e5a-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microchip Technology","product":{"name":"Microchip Technology Products","product_id":"CSAFPID-cb40910c-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LANCOM Systems GmbH","product":{"name":"LANCOM Systems GmbH Products","product_id":"CSAFPID-cb40d41e-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NetBSD","product":{"name":"NetBSD Products","product_id":"CSAFPID-cb41051a-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Wind River","product":{"name":"Wind River Products","product_id":"CSAFPID-cb414a7a-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Marvell Semiconductor","product":{"name":"Marvell Semiconductor Products","product_id":"CSAFPID-cb417fea-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Cisco","product":{"name":"Cisco Products","product_id":"CSAFPID-cb41dfe4-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-cb423b42-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Juniper Networks","product":{"name":"Juniper Networks Products","product_id":"CSAFPID-cb4334fc-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Deutsche Telekom","product":{"name":"Deutsche Telekom Products","product_id":"CSAFPID-cb43b65c-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-cb441304-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"D-Link Systems Inc.","product":{"name":"D-Link Systems Inc. Products","product_id":"CSAFPID-cb445fee-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Wind River","product":{"name":"Wind River Products","product_id":"CSAFPID-cb44982e-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-cb44ebc6-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Paessler","product":{"name":"Paessler Products","product_id":"CSAFPID-cb452a8c-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-cb456c04-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Cisco","product":{"name":"Cisco Products","product_id":"CSAFPID-cb45c5b4-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-cb460ac4-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Juniper Networks","product":{"name":"Juniper Networks Products","product_id":"CSAFPID-cb46c3a6-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Deutsche Telekom","product":{"name":"Deutsche Telekom Products","product_id":"CSAFPID-cb47102c-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-cb475424-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"D-Link Systems Inc.","product":{"name":"D-Link Systems Inc. Products","product_id":"CSAFPID-cb479fba-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Wind River","product":{"name":"Wind River Products","product_id":"CSAFPID-cb47fdd4-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-cb483de4-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Paessler","product":{"name":"Paessler Products","product_id":"CSAFPID-cb489186-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-cb48cdea-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Cisco","product":{"name":"Cisco Products","product_id":"CSAFPID-cb491b42-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-cb49646c-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-cb49f0e4-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-cb4a3ce8-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Aruba Networks","product":{"name":"Aruba Networks Products","product_id":"CSAFPID-cb4a74ba-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SonicWall","product":{"name":"SonicWall Products","product_id":"CSAFPID-cb4acef6-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Paessler","product":{"name":"Paessler Products","product_id":"CSAFPID-cb4b1f82-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ZTE Corporation","product":{"name":"ZTE Corporation Products","product_id":"CSAFPID-cb4b6730-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eero","product":{"name":"eero Products","product_id":"CSAFPID-cb4bad3a-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"lwIP","product":{"name":"lwIP Products","product_id":"CSAFPID-cb4c74c2-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Deutsche Telekom","product":{"name":"Deutsche Telekom Products","product_id":"CSAFPID-cb4cad5c-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Honeywell","product":{"name":"Honeywell Products","product_id":"CSAFPID-cb4cf870-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-cb4d5fcc-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"D-Link Systems Inc.","product":{"name":"D-Link Systems Inc. Products","product_id":"CSAFPID-cb4d962c-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Medtronic","product":{"name":"Medtronic Products","product_id":"CSAFPID-cb4dcba6-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-cb4e2bdc-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Treck","product":{"name":"Treck Products","product_id":"CSAFPID-cb4e7d44-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-cb4ed820-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Juniper Networks","product":{"name":"Juniper Networks Products","product_id":"CSAFPID-cb4f24e2-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microchip Technology","product":{"name":"Microchip Technology Products","product_id":"CSAFPID-cb4f6920-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LANCOM Systems GmbH","product":{"name":"LANCOM Systems GmbH Products","product_id":"CSAFPID-cb4fc442-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NetBSD","product":{"name":"NetBSD Products","product_id":"CSAFPID-cb501f14-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Wind River","product":{"name":"Wind River Products","product_id":"CSAFPID-cb508c42-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Marvell Semiconductor","product":{"name":"Marvell Semiconductor Products","product_id":"CSAFPID-cb50dfda-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Cisco","product":{"name":"Cisco Products","product_id":"CSAFPID-cb5137b4-33f8-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-cb517170-33f8-11f1-8422-122e2785dc9f"}}]}}