CNNVD-202511-2865 Information
CNNVD ID
CNNVD-202511-2865
Related CVE
- CNNVD Published: 2025-11-26
Description (Chinese)
Zenitel TCIV-3+是挪威Zenitel公司的一个IP对讲终端。 Zenitel TCIV-3+ 9.3.3.0之前版本存在操作系统命令注入漏洞,该漏洞源于输入验证不当,可能导致未经验证的攻击者注入任意命令。
Description (English)
Zenitel TCIV-3+ is an IP chat terminal for Zenitel, Norway. The pre-version of Zenitel TCIV-3+ 9.3.3.0 contains a loophole in the operating system commands, which stems from inappropriate input certification and may lead to the injection of arbitrary orders by uncertified assailants.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
Zenitel
Published
2025-11-26
Last Modified
2026-02-24
References
https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29 https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json https://access.redhat.com/security/cve/cve-2025-64126
Patch
https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29
Share on: