18 matches found
CVE-2025-64129
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64130
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64130
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2025-64130
Zenitel TCIV-3+ is affected by a reflected cross-site scripting vulnerability that could allow a remote attacker to run arbitrary JavaScript in a victim’s browser. The issue is described across multiple sources (NVD/Red Hat/EUVD/CVELIST/CISA) as a reflected XSS affecting the device, with the vuln...
CVE-2025-64129 Zenitel TCIV-3+ Out-of-bounds Write
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64129 Zenitel TCIV-3+ Out-of-bounds Write
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...
CVE-2025-64128 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands...
CVE-2025-64127 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely...
CVE-2025-64127 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely...
CVE-2025-64126 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary...
CVE-2025-64126
CVE-2025-64126 affects Zenitel TCIV-3+ devices. The vulnerability is an OS command injection caused by insufficient input validation, where user-supplied input is not reliably verified as an IP address and may include malicious characters. The impact, per PT-2025-48137, is that an unauthenticated...
Zenitel TCIV-3+ 操作系统命令注入漏洞
The Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. An operating system command injection vulnerability exists in the Zenitel TCIV-3+ prior to version 9.3.3.0, which stems from insufficient user input cleanup and could allow an unauthenticated attacker to remotely execute arbitrar...
Zenitel TCIV-3+ 操作系统命令注入漏洞
The Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. An operating system command injection vulnerability exists in the Zenitel TCIV-3+ prior to version 9.3.3.0, which stems from incomplete input validation and could allow an unauthenticated attacker to inject arbitrary commands...
Zenitel TCIV-3+ 缓冲区错误漏洞
The Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. The Zenitel TCIV-3+ suffers from a buffer error vulnerability that originates from an out-of-bounds write and could lead to a remote attacker crashing the device...
Zenitel TCIV-3+ 跨站脚本漏洞
Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. The Zenitel TCIV-3+ suffers from a cross-site scripting vulnerability that stems from reflective cross-site scripting, which could lead to a remote attacker executing arbitrary JavaScript in the victim's browser...
PT-2025-48170
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...