24 matches found
CVE-2025-64129
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64130
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64130
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64129
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64130
Zenitel TCIV-3+ is affected by a reflected cross-site scripting vulnerability that could allow a remote attacker to run arbitrary JavaScript in a victim’s browser. The issue is described across multiple sources (NVD/Red Hat/EUVD/CVELIST/CISA) as a reflected XSS affecting the device, with the vuln...
CVE-2025-64129
Zenitel TCIV-3+ devices are affected by CVE-2025-64129 due to an out-of-bounds write in input handling, enabling a remote attacker over the network to crash the device. The issue is described across multiple sources (NVD, Red Hat, CNNVD, CVE listings, and CISA/ICS advisories) as an out-of-bounds ...
CVE-2025-64129 Zenitel TCIV-3+ Out-of-bounds Write
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64129 Zenitel TCIV-3+ Out-of-bounds Write
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64128 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands...
CVE-2025-64128 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands...
CVE-2025-64127
Zenitel TCIV-3+ OS command injection (CVE-2025-64127) arises from insufficient input sanitization, with user-supplied parameters being incorporated into OS commands. This could allow an unauthenticated attacker to remotely execute arbitrary commands. Affected product: Zenitel TCIV-3+ IP intercom ...
CVE-2025-64127 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely...
CVE-2025-64127 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely...
CVE-2025-64126 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary...
CVE-2025-64126
CVE-2025-64126 affects Zenitel TCIV-3+ devices. The vulnerability is an OS command injection caused by insufficient input validation, where user-supplied input is not reliably verified as an IP address and may include malicious characters. The impact, per PT-2025-48137, is that an unauthenticated...
CVE-2025-64126 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary...
Zenitel TCIV-3+ OS Command Injection Vulnerability
The Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. An operating system command injection vulnerability exists in the Zenitel TCIV-3+ prior to version 9.3.3.0, which stems from insufficient sanitization of user input and could allow an unauthenticated attacker to remotely execute arbitrar...
Zenitel TCIV-3+ OS Command Injection Vulnerability
The Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. An operating system command injection vulnerability exists in the Zenitel TCIV-3+ prior to version 9.3.3.0, which stems from incomplete input validation and could allow an unauthenticated attacker to inject arbitrary commands...