Zenitel
Products (7)
- 5 CVEs
- 4 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-64130 |  | Critical | 0.64 | 9.8 | 0.01 |  | Nov 26, 2025 | Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser. |
| CVE-2021-40845 |  | High | 0.58 | 8.8 | 0.05 |  | Sep 15, 2021 | The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd… |
| CVE-2025-59814 |  | High | 0.57 | 8.8 | 0.00 |  | Sep 25, 2025 | This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database. |
| CVE-2025-59815 |  | High | 0.55 | 8.4 | 0.00 |  | Sep 25, 2025 | This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity. |
| CVE-2025-64129 |  | High | 0.49 | 7.6 | 0.00 |  | Nov 26, 2025 | Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. |
| CVE-2025-59816 |  | High | 0.47 | 7.3 | 0.00 |  | Sep 25, 2025 | This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue. |
| CVE-2018-19926 |  | Medium | 0.40 | 6.1 | 0.01 |  | Dec 6, 2018 | Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. |
| CVE-2024-57784 |  | Medium | 0.36 | 5.5 | 0.01 |  | Jan 16, 2025 | An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal. |
| CVE-2024-57785 |  | Medium | 0.32 | 4.9 | 0.01 |  | Jan 16, 2025 | Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php. |
| CVE-2018-19927 |  | Medium | 0.31 | 4.8 | 0.01 |  | Dec 6, 2018 | Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. |
| CVE-2025-59818 |  |  | 0.00 | — | 0.00 |  | Feb 4, 2026 | This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. |
| CVE-2025-64093 |  |  | 0.00 | — | 0.01 |  | Jan 9, 2026 | Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. |
| CVE-2025-64092 |  |  | 0.00 | — | 0.00 |  | Jan 9, 2026 | This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. |
| CVE-2025-64091 |  |  | 0.00 | — | 0.00 |  | Jan 9, 2026 | This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. |
| CVE-2025-64090 |  |  | 0.00 | — | 0.00 |  | Jan 9, 2026 | This vulnerability allows authenticated attackers to execute commands via the hostname of the device. |