Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26487 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 8.6 HIGH |
|
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows
remote unauthenticated users to gain access to other network resources
using HTTPS requests through the appliance used as a bridge.
|
|||||
| CVE-2025-26488 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 7.5 HIGH |
|
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a
reboot of the appliance, thus causing a DoS condition, via crafted XML
payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
|
|||||
| CVE-2025-26489 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 6.5 MEDIUM |
|
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and
reboot the appliance, thus causing a DoS condition, via crafted XML
payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
|
|||||
| CVE-2025-27019 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
|
Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows
an attacker to utilize password-less user accounts and obtain
system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
|
|||||
| CVE-2025-27020 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
|
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system
.
This issue affects MTC-9: from R22.1.1.0275 before R23.0.
|
|||||