CNNVD-202511-2864 Information
CNNVD ID
CNNVD-202511-2864
Related CVE
- CNNVD Published: 2025-11-26
Description (Chinese)
Zenitel TCIV-3+是挪威Zenitel公司的一个IP对讲终端。 Zenitel TCIV-3+ 9.3.3.0之前版本存在操作系统命令注入漏洞,该漏洞源于用户输入清理不足,可能导致未经验证的攻击者远程执行任意命令。
Description (English)
Zenitel TCIV-3+ is an IP chat terminal for Zenitel, Norway. Zenitel TCIV-3+9.3.0 had a gap in the operating system commands, which stemmed from inadequate user input clean-up, which could lead to the remote execution of arbitrary orders by unverified attackers.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
Zenitel
Published
2025-11-26
Last Modified
2026-02-24
References
https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29 https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json https://access.redhat.com/security/cve/cve-2025-64127
Patch
https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29
Share on: