cbcvebase.

Zenitel Tciv-3 vulnerabilities

5 known vulnerabilities affecting zenitel/tciv-3.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH1

Vulnerabilities

Page 1 of 1
CVE-2025-64127P2CRITICALCVSS 10.0≤ 9.3.3.02025-11-26
CVE-2025-64127 [CRITICAL] CWE-78 CVE-2025-64127: An OS command injection vulnerability exists due to insufficient sanitization of user-supplied inpu An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.
nvd
CVE-2025-64126P2CRITICALCVSS 10.0≤ 9.3.3.02025-11-26
CVE-2025-64126 [CRITICAL] CWE-78 CVE-2025-64126: An OS command injection vulnerability exists due to improper input validation. The application acce An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands.
nvd
CVE-2025-64128P2CRITICALCVSS 10.0≤ 9.3.3.02025-11-26
CVE-2025-64128 [CRITICAL] CWE-78 CVE-2025-64128: An OS command injection vulnerability exists due to incomplete validation of user-supplied input. V An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands.
nvd
CVE-2025-64130P3CRITICALCVSS 9.8≤ 9.3.3.02025-11-26
CVE-2025-64130 [CRITICAL] CWE-79 CVE-2025-64130: Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.
nvd
CVE-2025-64129P3HIGHCVSS 7.6≤ 9.3.3.02025-11-26
CVE-2025-64129 [HIGH] CWE-787 CVE-2025-64129: Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote a Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.
nvd
Zenitel Tciv-3 vulnerabilities | cvebase