Is the 540 BIG-IP e-Commerce Controller end of life?

Yes. The F5 Networks 540 BIG-IP e-Commerce Controller has reached end of life. Vendor support ended on 2014-10-01.

When is the 540 BIG-IP e-Commerce Controller end of sale date?

The F5 Networks 540 BIG-IP e-Commerce Controller reached end of sale on 2007-10-01. The last date of vendor support is 2014-10-01.

Home/F5 Networks/BIG-IP Legacy/540 BIG-IP e-Commerce Controller

540 BIG-IP e-Commerce Controller

SKU 540

F5 Networks Chassis · BIG-IP Legacy Series

High confidence Official F5 Networks notice (K4309) ↗ Verified 2026-05-31

540 BIG-IP e-Commerce Controller is dead. F5 Networks support ended 2014-10-01 (-4264d). Last available for order 2007-10-01.

Is the 540 BIG-IP e-Commerce Controller still supported?

No. F5 Networks ended support for the 540 BIG-IP e-Commerce Controller on 2014-10-01. No further security fixes will be issued. See F5 Networks's lifecycle bulletin.

When does the 540 BIG-IP e-Commerce Controller reach end of support?

F5 Networks support for the 540 BIG-IP e-Commerce Controller ends on 2014-10-01.

What replaces the 540 BIG-IP e-Commerce Controller?

F5 Networks has not published a successor model for the 540 BIG-IP e-Commerce Controller.

What known-exploited CVEs apply to the 540 BIG-IP e-Commerce Controller past end of support?

5 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform the 540 BIG-IP e-Commerce Controller runs. These will not be patched on this device because it is past the F5 Networks security-support date. See the Known Exploited Vulnerabilities table below for the full list.

Known Exploited Vulnerabilities

This device is past F5 Networks's security-support date. 5 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform it runs. F5 Networks is not issuing patches for this model. Isolate, compensate, or refresh.

CVE	KEV added	Vulnerability	Flags
`CVE-2025-53521`	2026-03-27	F5 BIG-IP Stack-Based Buffer Overflow Vulnerability Advisory 1 Advisory 2 Advisory 3
`CVE-2023-46748`	2023-10-31	F5 BIG-IP Configuration Utility SQL Injection Vulnerability Advisory 1 Advisory 2
`CVE-2023-46747`	2023-10-31	F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability Advisory 1 Advisory 2	Ransomware
`CVE-2022-1388`	2022-05-10	F5 BIG-IP Missing Authentication Vulnerability Advisory 1	Ransomware
`CVE-2020-5902`	2021-11-03	F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability Advisory 1	Ransomware

Source: CISA Known Exploited Vulnerabilities catalog. The Ransomware flag reflects CISA's own knownRansomwareCampaignUse field, set when the CVE has been observed in ransomware campaigns per their threat intel. It's not a property of the vulnerability description itself.

Correlation is at the platform level, not per-OS-version. Not exhaustive: KEV only lists actively-exploited CVEs and many relevant unexploited vulnerabilities are not here. Verify against vendor security advisories (PSIRT, JSA, PAN-SA) and NVD before acting. See compensating controls if refresh isn't immediate.

End of Sale 2007-10-01

End of Support 2014-10-01