VYPR
Unrated severityNVD Advisory· Published Jul 2, 2025· Updated Jul 2, 2025

Improper Access Control Granularity impacting Infinera G42

CVE-2025-27026

Description

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but deactivates also Linux Shell, WebGUI and Physical Serial Console access. No confirmation is asked at deactivation time. Loosing access to these services device administrators are at risk of completely loosing device control.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Infinera/G42llm-create2 versions
    = R6.1.3+ 1 more
    • (no CPE)range: = R6.1.3
    • (no CPE)range: 6.1.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.