Is the 520 BIG-IP e-Commerce Controller end of life?

Yes. The F5 Networks 520 BIG-IP e-Commerce Controller has reached end of life. Vendor support ended on 2007-11-15.

When is the 520 BIG-IP e-Commerce Controller end of sale date?

The F5 Networks 520 BIG-IP e-Commerce Controller reached end of sale on 2002-10-23. The last date of vendor support is 2007-11-15.

Home/F5 Networks/BIG-IP Legacy/520 BIG-IP e-Commerce Controller

520 BIG-IP e-Commerce Controller

SKU 520

F5 Networks Chassis · BIG-IP Legacy Series

High confidence Official F5 Networks notice (K4309) ↗ Verified 2026-05-31

520 BIG-IP e-Commerce Controller is dead. F5 Networks support ended 2007-11-15 (-6776d). Last available for order 2002-10-23.

Is the 520 BIG-IP e-Commerce Controller still supported?

No. F5 Networks ended support for the 520 BIG-IP e-Commerce Controller on 2007-11-15. No further security fixes will be issued. See F5 Networks's lifecycle bulletin.

When does the 520 BIG-IP e-Commerce Controller reach end of support?

F5 Networks support for the 520 BIG-IP e-Commerce Controller ends on 2007-11-15.

What replaces the 520 BIG-IP e-Commerce Controller?

F5 Networks has not published a successor model for the 520 BIG-IP e-Commerce Controller.

What known-exploited CVEs apply to the 520 BIG-IP e-Commerce Controller past end of support?

5 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform the 520 BIG-IP e-Commerce Controller runs. These will not be patched on this device because it is past the F5 Networks security-support date. See the Known Exploited Vulnerabilities table below for the full list.

Known Exploited Vulnerabilities

This device is past F5 Networks's security-support date. 5 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform it runs. F5 Networks is not issuing patches for this model. Isolate, compensate, or refresh.

CVE	KEV added	Vulnerability	Flags
`CVE-2025-53521`	2026-03-27	F5 BIG-IP Stack-Based Buffer Overflow Vulnerability Advisory 1 Advisory 2 Advisory 3
`CVE-2023-46748`	2023-10-31	F5 BIG-IP Configuration Utility SQL Injection Vulnerability Advisory 1 Advisory 2
`CVE-2023-46747`	2023-10-31	F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability Advisory 1 Advisory 2	Ransomware
`CVE-2022-1388`	2022-05-10	F5 BIG-IP Missing Authentication Vulnerability Advisory 1	Ransomware
`CVE-2020-5902`	2021-11-03	F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability Advisory 1	Ransomware

Source: CISA Known Exploited Vulnerabilities catalog. The Ransomware flag reflects CISA's own knownRansomwareCampaignUse field, set when the CVE has been observed in ransomware campaigns per their threat intel. It's not a property of the vulnerability description itself.

Correlation is at the platform level, not per-OS-version. Not exhaustive: KEV only lists actively-exploited CVEs and many relevant unexploited vulnerabilities are not here. Verify against vendor security advisories (PSIRT, JSA, PAN-SA) and NVD before acting. See compensating controls if refresh isn't immediate.

End of Sale 2002-10-23

End of Support 2007-11-15