MidnightBSD

Advisories for zenitel

CVE-2018-19926 MEDIUM

Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor   Product                 Version
zenitel  ip-stationweb_firmware  *

CVE-2018-19927 LOW

Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor   Product                 Version
zenitel  ip-stationweb_firmware  *

CVE-2021-40845 MEDIUM

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
nvd@nist.gov  8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  2.8             5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434

Products Affected

Vendor   Product                   Version
zenitel  alphacom_xe_audio_server  *

CVE-2025-59818

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
cert@ncsc.nl  10.0   CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H  3.9             6.0

Products Affected

Vendor   Product          Version
zenitel  tcis-3_firmware  *

CVE-2025-64090

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
cert@ncsc.nl  10.0   CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H  3.9             6.0

Products Affected

Vendor   Product          Version
zenitel  tcis-3_firmware  *

CVE-2025-64091

This vulnerability allows authenticated attackers to execute commands via the NTP configuration of the device.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
cert@ncsc.nl  8.6    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N  3.9             4.0

Products Affected

Vendor   Product          Version
zenitel  tcis-3_firmware  *

CVE-2025-64092

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
cert@ncsc.nl  7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N  3.9             3.6

Products Affected

Vendor   Product          Version
zenitel  icx500_firmware  *
zenitel  icx510_firmware  *

CVE-2025-64093

A remote code execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
cert@ncsc.nl  10.0   CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H  3.9             6.0

Products Affected

Vendor   Product          Version
zenitel  icx500_firmware  *
zenitel  icx510_firmware  *