← Back

Zenitel

zenitel

8 CVEs • 9 products

Products (9)

Click to collapse
Toggle
Tcis 3 Firmware
tcis-3_firmware
3 CVEs
Ip Stationweb Firmware
ip-stationweb_firmware
2 CVEs
Icx500 Firmware
icx500_firmware
2 CVEs
Icx510 Firmware
icx510_firmware
2 CVEs
Alphacom Xe Audio Server
alphacom_xe_audio_server
1 CVE
Ip Stationweb
ip-stationweb
0 CVEs
Icx500
icx500
0 CVEs
Icx510
icx510
0 CVEs
Tcis 3
tcis-3
0 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-59818
1Zenitel
1Tcis 3 Firmware
Feb 11, 2026
Feb 4, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
CVE-2025-64093
1Zenitel
2Icx500 Firmware
Icx510 Firmware
Feb 10, 2026
Jan 9, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
CVE-2025-64092
1Zenitel
2Icx500 Firmware
Icx510 Firmware
Feb 12, 2026
Jan 9, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.
CVE-2025-64091
1Zenitel
1Tcis 3 Firmware
Feb 12, 2026
Jan 9, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.
CVE-2025-64090
1Zenitel
1Tcis 3 Firmware
Feb 12, 2026
Jan 9, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
This vulnerability allows authenticated attackers to execute commands via the hostname of the device.
CVE-2021-40845
1Zenitel
1Alphacom Xe Audio Server
Nov 21, 2024
Sep 15, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded file...Show more
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.Show less
CVE-2018-19927
1Zenitel
1Ip Stationweb Firmware
Nov 21, 2024
Dec 6, 2018
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the a...Show more
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.Show less
CVE-2018-19926
1Zenitel
1Ip Stationweb Firmware
Nov 21, 2024
Dec 6, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.