Approved changes feed: RSS · Atom

cpe:2.3:a:zenitel:tciv-3+:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorZenitel (2ea0b422-4f65-5fec-9d8e-0cf7da40e9b1)
ProductTciv 3+ (74b67f0a-16f8-54a8-8c67-91f02627eb77)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-64130 vulnerable 2026-06-08 07:39:18.040550 Zenitel TCIV-3+ Cross-site Scripting
CRITICAL (9.8)
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.
Published: 2025-11-26T17:55:56.856Z
Updated: 2025-11-26T18:31:42.926Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-64129 vulnerable 2026-06-08 07:39:18.040257 Zenitel TCIV-3+ Out-of-bounds Write
HIGH (7.6)
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.
Published: 2025-11-26T17:54:07.700Z
Updated: 2025-11-26T18:33:07.564Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-64128 vulnerable 2026-06-08 07:39:18.039958 Zenitel TCIV-3+ OS Command Injection
CRITICAL (10)
An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands.
Published: 2025-11-26T17:51:23.485Z
Updated: 2025-11-26T19:13:49.932Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-64127 vulnerable 2026-06-08 07:39:18.039528 Zenitel TCIV-3+ OS Command Injection
CRITICAL (10)
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.
Published: 2025-11-26T17:50:01.184Z
Updated: 2025-11-26T19:31:02.691Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-64126 vulnerable 2026-06-08 07:39:18.039148 Zenitel TCIV-3+ OS Command Injection
CRITICAL (10)
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands.
Published: 2025-11-26T17:47:05.385Z
Updated: 2025-12-03T16:24:46.181Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.