Zenitel Tciv-3+
5 CVEs affecting Zenitel Tciv-3+. Latest disclosed: 2025-11-26. Critical: 4, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-64128 | Critical | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, wh… |
CVE-2025-64127 | Critical | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incor… |
CVE-2025-64126 | Critical | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying… |
CVE-2025-64130 | Critical | 9.8 | 2025-11-26 | Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the v… |
CVE-2025-64129 | High | 7.6 | 2025-11-26 | Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. |