Zenitel Tciv-3 vulnerabilities
5 known vulnerabilities affecting zenitel/tciv-3.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-64127P2CRITICALCVSS 10.0≤ 9.3.3.02025-11-26
CVE-2025-64127 [CRITICAL] CWE-78 CVE-2025-64127: An OS command injection vulnerability exists due to insufficient sanitization of user-supplied inpu
An OS command injection vulnerability exists due to insufficient
sanitization of user-supplied input. The application accepts parameters
that are later incorporated into OS commands without adequate
validation. This could allow an unauthenticated attacker to execute
arbitrary commands remotely.
nvd
CVE-2025-64126P2CRITICALCVSS 10.0≤ 9.3.3.02025-11-26
CVE-2025-64126 [CRITICAL] CWE-78 CVE-2025-64126: An OS command injection vulnerability exists due to improper input validation. The application acce
An OS command injection vulnerability exists due to improper input
validation. The application accepts a parameter directly from user input
without verifying it is a valid IP address or filtering potentially
malicious characters. This could allow an unauthenticated attacker to
inject arbitrary commands.
nvd
CVE-2025-64128P2CRITICALCVSS 10.0≤ 9.3.3.02025-11-26
CVE-2025-64128 [CRITICAL] CWE-78 CVE-2025-64128: An OS command injection vulnerability exists due to incomplete validation of user-supplied input. V
An OS command injection vulnerability exists due to incomplete
validation of user-supplied input. Validation fails to enforce
sufficient formatting rules, which could permit attackers to append
arbitrary data. This could allow an unauthenticated attacker to inject
arbitrary commands.
nvd
CVE-2025-64130P3CRITICALCVSS 9.8≤ 9.3.3.02025-11-26
CVE-2025-64130 [CRITICAL] CWE-79 CVE-2025-64130: Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting
vulnerability, which could allow a remote attacker to execute arbitrary
JavaScript on the victim's browser.
nvd
CVE-2025-64129P3HIGHCVSS 7.6≤ 9.3.3.02025-11-26
CVE-2025-64129 [HIGH] CWE-787 CVE-2025-64129: Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote a
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write
vulnerability, which could allow a remote attacker to crash the device.
nvd