17 matches found
CVE-2025-64130
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64129
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64130
Zenitel TCIV-3+ is affected by a reflected cross-site scripting vulnerability that could allow a remote attacker to run arbitrary JavaScript in a victim’s browser. The issue is described across multiple sources (NVD/Red Hat/EUVD/CVELIST/CISA) as a reflected XSS affecting the device, with the vuln...
CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64129 Zenitel TCIV-3+ Out-of-bounds Write
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64129
Zenitel TCIV-3+ devices are affected by CVE-2025-64129 due to an out-of-bounds write in input handling, enabling a remote attacker over the network to crash the device. The issue is described across multiple sources (NVD, Red Hat, CNNVD, CVE listings, and CISA/ICS advisories) as an out-of-bounds ...
CVE-2025-64129 Zenitel TCIV-3+ Out-of-bounds Write
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64128 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands...
CVE-2025-64126 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary...
CVE-2025-64126
CVE-2025-64126 affects Zenitel TCIV-3+ devices. The vulnerability is an OS command injection caused by insufficient input validation, where user-supplied input is not reliably verified as an IP address and may include malicious characters. The impact, per PT-2025-48137, is that an unauthenticated...
Zenitel TCIV-3+ 缓冲区错误漏洞
The Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. The Zenitel TCIV-3+ suffers from a buffer error vulnerability that originates from an out-of-bounds write and could lead to a remote attacker crashing the device...
Zenitel TCIV-3+ 跨站脚本漏洞
Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. The Zenitel TCIV-3+ suffers from a cross-site scripting vulnerability that stems from reflective cross-site scripting, which could lead to a remote attacker executing arbitrary JavaScript in the victim's browser...
Zenitel TCIV-3+ 操作系统命令注入漏洞
The Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. An operating system command injection vulnerability exists in the Zenitel TCIV-3+ prior to version 9.3.3.0, which stems from incomplete input validation and could allow an unauthenticated attacker to inject arbitrary commands...
Zenitel TCIV-3+ 操作系统命令注入漏洞
The Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. An operating system command injection vulnerability exists in the Zenitel TCIV-3+ prior to version 9.3.3.0, which stems from insufficient user input cleanup and could allow an unauthenticated attacker to remotely execute arbitrar...
PT-2025-48170
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-329-01 Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share ICSA-25-329-02 Rockwell Automation Aren...