Filtered by vendor Zenitel
Subscriptions
Filtered by product Tciv-3+
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64126 | 1 Zenitel | 1 Tciv-3+ | 2025-11-27 | 10 Critical |
| An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands. | ||||
| CVE-2025-64128 | 1 Zenitel | 1 Tciv-3+ | 2025-11-27 | 10 Critical |
| An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands. | ||||
| CVE-2025-64129 | 1 Zenitel | 1 Tciv-3+ | 2025-11-27 | 7.6 High |
| Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. | ||||
| CVE-2025-64130 | 1 Zenitel | 1 Tciv-3+ | 2025-11-27 | 9.8 Critical |
| Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser. | ||||
| CVE-2025-64127 | 1 Zenitel | 1 Tciv-3+ | 2025-11-27 | 10 Critical |
| An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely. | ||||
Page 1 of 1.