Zenitel ICX500 and ICX510 Gateway Unauthorized Database Access Vulnerability

Vulnerability

A vulnerability exists in the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, allowing unauthorized access to the Billing Admin database. This issue arises from a lack of proper authentication or authorization, enabling malicious actors to read the entire contents of the database.

Impact

Exploitation of this vulnerability could lead to unauthorized access and disclosure of sensitive billing information stored in the database.

Remediation

Users can upgrade to Zenitel ICX version 1.4.3.3, released on September 15, 2025, which includes security fixes and re-enables the billing web interface. Instructions for upgrading the ICX-500/510 can be found on the Zenitel Wiki.

Added: Sep 25, 2025, 8:19 PM
Updated: Sep 25, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.