Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26487 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 8.6 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge. | |||||
| CVE-2025-26488 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||||
| CVE-2025-26489 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 6.5 MEDIUM |
| Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||||
| CVE-2025-27019 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
| Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||||
| CVE-2025-27020 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
| Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||||