Filtered by vendor Zenitel
Subscribe
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64091 | 1 Zenitel | 2 Tcis-3, Tcis-3 Firmware | 2026-02-12 | N/A | 8.6 HIGH |
| This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. | |||||
| CVE-2025-64090 | 1 Zenitel | 2 Tcis-3, Tcis-3 Firmware | 2026-02-12 | N/A | 10.0 CRITICAL |
| This vulnerability allows authenticated attackers to execute commands via the hostname of the device. | |||||
| CVE-2025-64092 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-12 | N/A | 7.5 HIGH |
| This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | |||||
| CVE-2025-59818 | 1 Zenitel | 2 Tcis-3, Tcis-3 Firmware | 2026-02-11 | N/A | 10.0 CRITICAL |
| This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. | |||||
| CVE-2025-64093 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-10 | N/A | 10.0 CRITICAL |
| Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. | |||||
| CVE-2021-40845 | 1 Zenitel | 1 Alphacom Xe Audio Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory. | |||||
| CVE-2018-19927 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. | |||||
| CVE-2018-19926 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. | |||||