
    8 vulnerabilities found for TCIS-3+ by Zenitel

    CVE-2025-59818 (GCVE-0-2025-59818)

    Vulnerability from nvd – Published: 2026-02-04 10:26 – Updated: 2026-02-04 15:10
    VLAI
    Title
    Authenticated Remote Code Execution via the file name of an uploaded file
    Summary
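    This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. Note: the CVSS 3.1 vector in the record below sets Privileges Required to None (PR:N) although the title and description describe an authenticated attack; confirm the actual access requirement against the vendor advisory before relying on the 10 base score.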
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Zenitel TCIS-3+ Affected: <9.2.3.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59818",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-04T15:10:41.114193Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-04T15:10:45.940Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TCIS-3+",
              "vendor": "Zenitel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c9.2.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 10,
                "environmentalSeverity": "CRITICAL",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 10,
                "temporalSeverity": "CRITICAL",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T10:26:53.102Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "Zenitel Release Notes Turbine",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/Turbine_9.3_-_Release_notes"
            },
            {
              "name": "Zenitel Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf"
            },
            {
              "name": "Zenitel Release Notes Fortitude8",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_Notes"
            },
            {
              "name": "Zenitel Release Notes ZIPS",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/ZIPS_9.3_-_Release_notes"
            },
            {
              "name": "Zenitel Release Notes Fortitude6",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release_Notes"
            },
            {
              "name": "Zenitel Release Notes Display Series",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Release_Notes"
            }
          ],
          "title": "Authenticated Remote Code Execution via the file name of an uploaded file",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2025-59818",
        "datePublished": "2026-02-04T10:26:53.102Z",
        "dateReserved": "2025-09-22T10:23:28.574Z",
        "dateUpdated": "2026-02-04T15:10:45.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64091 (GCVE-0-2025-64091)

    Vulnerability from nvd – Published: 2026-01-09 10:00 – Updated: 2026-01-09 17:57
    VLAI
    Title
    Authenticated Remote Code Execution in the NTP-configuration
    Summary
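    This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. Note: the CVSS 3.1 vector in the record below sets Privileges Required to None (PR:N) although the title and description describe an authenticated attack; confirm the actual access requirement against the vendor advisory before relying on the 8.6 base score.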
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zenitel TCIS-3+ Affected: <9.2.3.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64091",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T17:57:26.580387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T17:57:30.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TCIS-3+",
              "vendor": "Zenitel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c9.2.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 8.6,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 8.6,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T10:00:45.414Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "Zenitel Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf"
            }
          ],
          "title": "Authenticated Remote Code Execution in the NTP-configuration",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2025-64091",
        "datePublished": "2026-01-09T10:00:45.414Z",
        "dateReserved": "2025-10-27T09:43:10.201Z",
        "dateUpdated": "2026-01-09T17:57:30.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64090 (GCVE-0-2025-64090)

    Vulnerability from nvd – Published: 2026-01-09 09:59 – Updated: 2026-01-09 18:01
    VLAI
    Title
    Authenticated Remote Code Execution in device hostname
    Summary
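    This vulnerability allows authenticated attackers to execute commands via the hostname of the device. Note: the CVSS 3.1 vector in the record below sets Privileges Required to None (PR:N) although the title and description describe an authenticated attack; confirm the actual access requirement against the vendor advisory before relying on the 10 base score.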
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zenitel TCIS-3+ Affected: <9.2.3.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T18:00:44.701618Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T18:01:00.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TCIS-3+",
              "vendor": "Zenitel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c9.2.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows authenticated attackers to execute commands via the hostname of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 10,
                "environmentalSeverity": "CRITICAL",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 10,
                "temporalSeverity": "CRITICAL",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T09:59:58.839Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "Zenitel Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf"
            }
          ],
          "title": "Authenticated Remote Code Execution in device hostname",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2025-64090",
        "datePublished": "2026-01-09T09:59:58.839Z",
        "dateReserved": "2025-10-27T09:43:10.200Z",
        "dateUpdated": "2026-01-09T18:01:00.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59817 (GCVE-0-2025-59817)

    Vulnerability from nvd – Published: 2025-09-25 19:30 – Updated: 2025-09-29 17:11
    VLAI
    Title
    Authenticated Remote Code Execution in zForm_auto_config
    Summary
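    This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity. Note: although this description says only "attackers", the record's title and CVSS 3.1 vector (AV:A, PR:H) indicate that exploitation requires an authenticated, high-privileged user on an adjacent network.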
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zenitel TCIS-3+ Affected: <9.2.3.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59817",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-29T17:11:29.261773Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-29T17:11:42.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TCIS-3+",
              "vendor": "Zenitel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c9.2.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 8.5,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "ADJACENT_NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "HIGH",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 8.4,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-26T05:47:42.690Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "Zenitel",
              "tags": [
                "patch"
              ],
              "url": "https://wiki.zenitel.com/wiki/Downloads#Stations_and_Devices"
            }
          ],
          "title": "Authenticated Remote Code Execution in zForm_auto_config"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2025-59817",
        "datePublished": "2025-09-25T19:30:15.139Z",
        "dateReserved": "2025-09-22T10:23:28.574Z",
        "dateUpdated": "2025-09-29T17:11:42.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59818 (GCVE-0-2025-59818)

    Vulnerability from cvelistv5 – Published: 2026-02-04 10:26 – Updated: 2026-02-04 15:10
    VLAI
    Title
    Authenticated Remote Code Execution via the file name of an uploaded file
    Summary
    This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Zenitel TCIS-3+ Affected: <9.2.3.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59818",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-04T15:10:41.114193Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-04T15:10:45.940Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TCIS-3+",
              "vendor": "Zenitel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c9.2.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 10,
                "environmentalSeverity": "CRITICAL",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 10,
                "temporalSeverity": "CRITICAL",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T10:26:53.102Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "Zenitel Release Notes Turbine",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/Turbine_9.3_-_Release_notes"
            },
            {
              "name": "Zenitel Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf"
            },
            {
              "name": "Zenitel Release Notes Fortitude8",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_Notes"
            },
            {
              "name": "Zenitel Release Notes ZIPS",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/ZIPS_9.3_-_Release_notes"
            },
            {
              "name": "Zenitel Release Notes Fortitude6",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release_Notes"
            },
            {
              "name": "Zenitel Release Notes Display Series",
              "tags": [
                "release-notes"
              ],
              "url": "https://wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Release_Notes"
            }
          ],
          "title": "Authenticated Remote Code Execution via the file name of an uploaded file",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2025-59818",
        "datePublished": "2026-02-04T10:26:53.102Z",
        "dateReserved": "2025-09-22T10:23:28.574Z",
        "dateUpdated": "2026-02-04T15:10:45.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64091 (GCVE-0-2025-64091)

    Vulnerability from cvelistv5 – Published: 2026-01-09 10:00 – Updated: 2026-01-09 17:57
    VLAI
    Title
    Authenticated Remote Code Execution in the NTP-configuration
    Summary
    This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zenitel TCIS-3+ Affected: <9.2.3.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64091",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T17:57:26.580387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T17:57:30.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TCIS-3+",
              "vendor": "Zenitel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c9.2.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 8.6,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 8.6,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T10:00:45.414Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "Zenitel Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf"
            }
          ],
          "title": "Authenticated Remote Code Execution in the NTP-configuration",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2025-64091",
        "datePublished": "2026-01-09T10:00:45.414Z",
        "dateReserved": "2025-10-27T09:43:10.201Z",
        "dateUpdated": "2026-01-09T17:57:30.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64090 (GCVE-0-2025-64090)

    Vulnerability from cvelistv5 – Published: 2026-01-09 09:59 – Updated: 2026-01-09 18:01
    VLAI
    Title
    Authenticated Remote Code Execution in device hostname
    Summary
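    This vulnerability allows authenticated attackers to execute commands via the hostname of the device. Note that the CVSS 3.1 vector in the record below sets Privileges Required to None (PR:N), which does not match the "authenticated" wording of the title and summary; when triaging, confirm the actual precondition against the vendor advisory.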
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zenitel TCIS-3+ Affected: <9.2.3.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T18:00:44.701618Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T18:01:00.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TCIS-3+",
              "vendor": "Zenitel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c9.2.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows authenticated attackers to execute commands via the hostname of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 10,
                "environmentalSeverity": "CRITICAL",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 10,
                "temporalSeverity": "CRITICAL",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T09:59:58.839Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "Zenitel Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf"
            }
          ],
          "title": "Authenticated Remote Code Execution in device hostname",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2025-64090",
        "datePublished": "2026-01-09T09:59:58.839Z",
        "dateReserved": "2025-10-27T09:43:10.200Z",
        "dateUpdated": "2026-01-09T18:01:00.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59817 (GCVE-0-2025-59817)

    Vulnerability from cvelistv5 – Published: 2025-09-25 19:30 – Updated: 2025-09-29 17:11
    VLAI
    Title
    Authenticated Remote Code Execution in zForm_auto_config
    Summary
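    This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity. The title and the CVSS 3.1 vector in the record below (PR:H, AV:A) indicate that the attacker must be authenticated with high privileges and be on an adjacent network.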
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Zenitel TCIS-3+ Affected: <9.2.3.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59817",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-29T17:11:29.261773Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-29T17:11:42.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TCIS-3+",
              "vendor": "Zenitel",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c9.2.3.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 8.5,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "ADJACENT_NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "HIGH",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 8.4,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-26T05:47:42.690Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "Zenitel",
              "tags": [
                "patch"
              ],
              "url": "https://wiki.zenitel.com/wiki/Downloads#Stations_and_Devices"
            }
          ],
          "title": "Authenticated Remote Code Execution in zForm_auto_config"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2025-59817",
        "datePublished": "2025-09-25T19:30:15.139Z",
        "dateReserved": "2025-09-22T10:23:28.574Z",
        "dateUpdated": "2025-09-29T17:11:42.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }