Filtered by vendor Infinera
Subscriptions
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26488 | 1 Infinera | 1 Mtc-9 | 2025-12-09 | 7.5 High |
| Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | ||||
| CVE-2025-26487 | 1 Infinera | 1 Mtc-9 | 2025-12-09 | 8.6 High |
| Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge. | ||||
| CVE-2025-26489 | 1 Infinera | 1 Mtc-9 | 2025-12-09 | 6.5 Medium |
| Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | ||||
| CVE-2025-27019 | 1 Infinera | 1 Mtc-9 | 2025-12-09 | 9.8 Critical |
| Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | ||||
| CVE-2025-27020 | 1 Infinera | 1 Mtc-9 | 2025-12-09 | 9.8 Critical |
| Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0. | ||||
| CVE-2024-25659 | 2 Infinera, Nokia | 2 Tnms, Transcend Network Management System | 2025-07-03 | 7.2 High |
| In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory. | ||||
| CVE-2024-25660 | 2 Infinera, Nokia | 2 Tnms, Transcend Network Management System | 2025-07-03 | 9 Critical |
| The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges. | ||||
| CVE-2024-28809 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 8.8 High |
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. | ||||
| CVE-2024-28810 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 6.6 Medium |
| An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files. | ||||
| CVE-2024-28812 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 8.8 High |
| An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system (with highest privileges) via an SSH connection. | ||||
| CVE-2024-28813 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 8.4 High |
| An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface. | ||||
| CVE-2024-28807 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application. | ||||
| CVE-2024-25661 | 1 Infinera | 1 Tnms | 2024-10-04 | 7.7 High |
| In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application. | ||||
Page 1 of 1.