Filtered by vendor Zenitel
Total: 12 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-64130 | 1 Zenitel | 1 Tciv-3+ | 2025-12-01 | 9.8 Critical | Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser. |
| CVE-2025-64127 | 1 Zenitel | 1 Tciv-3+ | 2025-12-01 | 10 Critical | An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely. |
| CVE-2025-64128 | 1 Zenitel | 1 Tciv-3+ | 2025-12-01 | 10 Critical | An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands. |
| CVE-2025-64126 | 1 Zenitel | 1 Tciv-3+ | 2025-12-01 | 10 Critical | An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands. |
| CVE-2025-64129 | 1 Zenitel | 1 Tciv-3+ | 2025-12-01 | 7.6 High | Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. |
| CVE-2025-59814 | 1 Zenitel | 2 Icx500, Icx510 | 2025-09-29 | 8.8 High | This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database. |
| CVE-2025-59815 | 1 Zenitel | 2 Icx500, Icx510 | 2025-09-29 | 8.4 High | This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity. |
| CVE-2025-59817 | 1 Zenitel | 1 Tcis-3+ | 2025-09-29 | 8.4 High | This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity. |
| CVE-2025-59816 | 1 Zenitel | 2 Icx500, Icx510 | 2025-09-26 | 7.3 High | This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue. |
| CVE-2021-40845 | 1 Zenitel | 1 Alphacom Xe Audio Server | 2024-11-21 | 8.8 High | The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory. |
| CVE-2018-19927 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2024-11-21 | N/A | Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. |
| CVE-2018-19926 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2024-11-21 | N/A | Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. |