GCVE - cpe:2.3:a:zenitel:icx510:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zenitel:icx510:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Zenitel (`2ea0b422-4f65-5fec-9d8e-0cf7da40e9b1`)
Product	Icx510 (`9882c613-1079-5327-86c1-6db47f1a4250`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-64093`	vulnerable	2026-06-08 07:39:17.982622	Unauthenticated Remote Code Execution via the device hostname CRITICAL (10) Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. Published: 2026-01-09T10:04:58.207Z Updated: 2026-01-09T17:58:19.551Z Open on db.gcve.eu Reference links https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-64092`	vulnerable	2026-06-08 07:39:17.978286	Unauthenticated SQL injection via GET request parameters HIGH (7.5) This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. Published: 2026-01-09T10:03:49.853Z Updated: 2026-01-09T17:59:17.924Z Open on db.gcve.eu Reference links https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-59816`	vulnerable	2026-06-08 07:35:23.212658	Authenticated Union based SQL-injection in the search input field HIGH (7.3) This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue. Published: 2025-09-25T19:30:03.608Z Updated: 2025-09-26T15:42:38.822Z Open on db.gcve.eu Reference links https://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes https://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-59815`	vulnerable	2026-06-08 07:35:23.212322	Authenticated Remote Code Execution in the Billing Administration portal HIGH (8.4) This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity. Published: 2025-09-25T19:29:50.228Z Updated: 2025-09-29T17:15:41.293Z Open on db.gcve.eu Reference links https://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes https://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-59814`	vulnerable	2026-06-08 07:35:23.211741	Unauthenticated SQL-injection in password field HIGH (8.8) This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database. Published: 2025-09-25T19:29:34.809Z Updated: 2025-09-29T17:25:33.798Z Open on db.gcve.eu Reference links https://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes https://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.