Infinera Mtc-9 vulnerabilities
5 known vulnerabilities affecting infinera/mtc-9.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-27020P2CRITICALCVSS 9.8≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-27020 [CRITICAL] CWE-306 CVE-2025-27020: Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to ex
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system
.
This issue affects MTC-9: from R22.1.1.0275 before R23.0.
nvd
CVE-2025-27019P3CRITICALCVSS 9.8≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-27019 [CRITICAL] CWE-306 CVE-2025-27019: Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize pas
Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows
an attacker to utilize password-less user accounts and obtain
system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
nvd
CVE-2025-26487P3HIGHCVSS 8.6≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-26487 [HIGH] CWE-918 CVE-2025-26487: Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenti
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows
remote unauthenticated users to gain access to other network resources
using HTTPS requests through the appliance used as a bridge.
nvd
CVE-2025-26488P3HIGHCVSS 7.5≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-26488 [HIGH] CWE-20 CVE-2025-26488: Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to cra
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a
reboot of the appliance, thus causing a DoS condition, via crafted XML
payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
nvd
CVE-2025-26489P4MEDIUMCVSS 6.5≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-26489 [MEDIUM] CWE-20 CVE-2025-26489: Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and
reboot the appliance, thus causing a DoS condition, via crafted XML
payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
nvd