Approved changes feed: RSS · Atom
cpe:2.3:a:zenitel:tciv-3+:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Zenitel (2ea0b422-4f65-5fec-9d8e-0cf7da40e9b1) |
|---|---|
| Product | Tciv 3+ (74b67f0a-16f8-54a8-8c67-91f02627eb77) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-64130 |
vulnerable | 2026-06-08 07:39:18.040550 |
Zenitel TCIV-3+ Cross-site Scripting
CRITICAL (9.8)
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting
vulnerability, which could allow a remote attacker to execute arbitrary
JavaScript on the victim's browser.
Published: 2025-11-26T17:55:56.856Z
Updated: 2025-11-26T18:31:42.926Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64129 |
vulnerable | 2026-06-08 07:39:18.040257 |
Zenitel TCIV-3+ Out-of-bounds Write
HIGH (7.6)
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write
vulnerability, which could allow a remote attacker to crash the device.
Published: 2025-11-26T17:54:07.700Z
Updated: 2025-11-26T18:33:07.564Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64128 |
vulnerable | 2026-06-08 07:39:18.039958 |
Zenitel TCIV-3+ OS Command Injection
CRITICAL (10)
An OS command injection vulnerability exists due to incomplete
validation of user-supplied input. Validation fails to enforce
sufficient formatting rules, which could permit attackers to append
arbitrary data. This could allow an unauthenticated attacker to inject
arbitrary commands.
Published: 2025-11-26T17:51:23.485Z
Updated: 2025-11-26T19:13:49.932Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64127 |
vulnerable | 2026-06-08 07:39:18.039528 |
Zenitel TCIV-3+ OS Command Injection
CRITICAL (10)
An OS command injection vulnerability exists due to insufficient
sanitization of user-supplied input. The application accepts parameters
that are later incorporated into OS commands without adequate
validation. This could allow an unauthenticated attacker to execute
arbitrary commands remotely.
Published: 2025-11-26T17:50:01.184Z
Updated: 2025-11-26T19:31:02.691Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64126 |
vulnerable | 2026-06-08 07:39:18.039148 |
Zenitel TCIV-3+ OS Command Injection
CRITICAL (10)
An OS command injection vulnerability exists due to improper input
validation. The application accepts a parameter directly from user input
without verifying it is a valid IP address or filtering potentially
malicious characters. This could allow an unauthenticated attacker to
inject arbitrary commands.
Published: 2025-11-26T17:47:05.385Z
Updated: 2025-12-03T16:24:46.181Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.