Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

zenitel — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting zenitel. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zenitel develops critical communication systems including intercom and emergency notification solutions used in high-security environments. Historically, their products have faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting, and privilege escalation, with 15 CVEs documented. Security researchers have identified authentication bypass flaws and insecure default configurations in their systems. While no major public security incidents have been widely reported, the consistent presence of vulnerabilities in their products suggests potential risks for organizations relying on these systems for safety and security communications. Regular patching and security assessments are recommended for deployments using Zenitel equipment.

Top products by zenitel: ICX500 TCIV-3+ TCIS-3+ alphacom_xe_audio_server
CVE IDTitleCVSSSeverityPublished
CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter — alphacom_xe_audio_server 6.5 Medium2026-02-20
CVE-2025-59818 Authenticated Remote Code Execution via the file name of an uploaded file — TCIS-3+ 10.0 Critical2026-02-04
CVE-2025-64093 Unauthenticated Remote Code Execution via the device hostname — ICX500 10.0 Critical2026-01-09
CVE-2025-64092 Unauthenticated SQL injection via GET request parameters — ICX500 7.5 High2026-01-09
CVE-2025-64091 Authenticated Remote Code Execution in the NTP-configuration — TCIS-3+ 8.6 High2026-01-09
CVE-2025-64090 Authenticated Remote Code Execution in device hostname — TCIS-3+ 10.0 Critical2026-01-09
CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting — TCIV-3+CWE-79 9.8 Critical2025-11-26
CVE-2025-64129 Zenitel TCIV-3+ Out-of-bounds Write — TCIV-3+CWE-787 7.6 High2025-11-26
CVE-2025-64128 Zenitel TCIV-3+ OS Command Injection — TCIV-3+CWE-78 10.0 Critical2025-11-26
CVE-2025-64127 Zenitel TCIV-3+ OS Command Injection — TCIV-3+CWE-78 10.0 Critical2025-11-26
CVE-2025-64126 Zenitel TCIV-3+ OS Command Injection — TCIV-3+CWE-78 10.0 Critical2025-11-26
CVE-2025-59817 Authenticated Remote Code Execution in zForm_auto_config — TCIS-3+CWE-77 8.4 High2025-09-25
CVE-2025-59816 Authenticated Union based SQL-injection in the search input field — ICX500CWE-89 7.3 High2025-09-25
CVE-2025-59815 Authenticated Remote Code Execution in the Billing Administration portal — ICX500CWE-77 8.4 High2025-09-25
CVE-2025-59814 Unauthenticated SQL-injection in password field — ICX500CWE-89 8.8 High2025-09-25

This page lists every published CVE security advisory associated with zenitel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.