Zenitel Tciv-3+

5 CVEs affecting Zenitel Tciv-3+. Latest disclosed: 2025-11-26. Critical: 4, High: 1.

Top CVEs affecting Zenitel Tciv-3+
CVESeverityScorePublishedSummary
CVE-2025-64128Critical10.02025-11-26An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, wh…
CVE-2025-64127Critical10.02025-11-26An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incor…
CVE-2025-64126Critical10.02025-11-26An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying…
CVE-2025-64130Critical9.82025-11-26Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the v…
CVE-2025-64129High7.62025-11-26Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.