Infinera
Products
7- 7 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
24| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0416 | Hig | 0.58 | — | 0.00 | Apr 1, 2025 | Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege… | ||
| CVE-2025-0418 | Med | 0.34 | — | 0.00 | Apr 1, 2025 | Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords. | ||
| CVE-2025-10258 | 0.00 | — | 0.00 | Feb 5, 2026 | Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information. | |||
| CVE-2025-27020 | 0.00 | — | 0.00 | Dec 8, 2025 | Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||
| CVE-2025-27019 | 0.00 | — | 0.00 | Dec 8, 2025 | Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||
| CVE-2025-26489 | 0.00 | — | 0.00 | Dec 8, 2025 | Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||
| CVE-2025-26488 | 0.00 | — | 0.00 | Dec 8, 2025 | Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||
| CVE-2025-26487 | 0.00 | — | 0.00 | Dec 8, 2025 | Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge. | |||
| CVE-2025-27026 | 0.00 | — | 0.00 | Jul 2, 2025 | A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI… | |||
| CVE-2025-27024 | 0.00 | — | 0.00 | Jul 2, 2025 | Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the… | |||
| CVE-2025-27023 | 0.00 | — | 0.00 | Jul 2, 2025 | Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing… | |||
| CVE-2025-27022 | 0.00 | — | 0.00 | Jul 2, 2025 | A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all… | |||
| CVE-2025-27021 | 0.00 | — | 0.00 | Jul 2, 2025 | The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and… | |||
| CVE-2024-25659 | 0.00 | — | 0.01 | Oct 1, 2024 | In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory. | |||
| CVE-2024-25658 | 0.00 | — | 0.00 | Oct 1, 2024 | Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users' usernames and passwords in cleartext. | |||
| CVE-2024-25660 | 0.00 | — | 0.01 | Oct 1, 2024 | The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges. | |||
| CVE-2024-25661 | 0.00 | — | 0.00 | Oct 1, 2024 | In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application. | |||
| CVE-2024-28811 | 0.00 | — | 0.00 | Sep 30, 2024 | An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations. | |||
| CVE-2024-28808 | 0.00 | — | 0.00 | Sep 30, 2024 | An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications. | |||
| CVE-2024-28813 | 0.00 | — | 0.00 | Sep 30, 2024 | An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface. |
- risk 0.58cvss —epss 0.00
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege…
- risk 0.34cvss —epss 0.00
Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
- CVE-2025-10258Feb 5, 2026risk 0.00cvss —epss 0.00
Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information.
- CVE-2025-27020Dec 8, 2025risk 0.00cvss —epss 0.00
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0.
- CVE-2025-27019Dec 8, 2025risk 0.00cvss —epss 0.00
Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
- CVE-2025-26489Dec 8, 2025risk 0.00cvss —epss 0.00
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
- CVE-2025-26488Dec 8, 2025risk 0.00cvss —epss 0.00
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
- CVE-2025-26487Dec 8, 2025risk 0.00cvss —epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge.
- CVE-2025-27026Jul 2, 2025risk 0.00cvss —epss 0.00
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI…
- CVE-2025-27024Jul 2, 2025risk 0.00cvss —epss 0.00
Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the…
- CVE-2025-27023Jul 2, 2025risk 0.00cvss —epss 0.00
Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing…
- CVE-2025-27022Jul 2, 2025risk 0.00cvss —epss 0.00
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all…
- CVE-2025-27021Jul 2, 2025risk 0.00cvss —epss 0.00
The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and…
- CVE-2024-25659Oct 1, 2024risk 0.00cvss —epss 0.01
In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory.
- CVE-2024-25658Oct 1, 2024risk 0.00cvss —epss 0.00
Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users' usernames and passwords in cleartext.
- CVE-2024-25660Oct 1, 2024risk 0.00cvss —epss 0.01
The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges.
- CVE-2024-25661Oct 1, 2024risk 0.00cvss —epss 0.00
In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application.
- CVE-2024-28811Sep 30, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.
- CVE-2024-28808Sep 30, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications.
- CVE-2024-28813Sep 30, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface.