cbcvebase.

Infinera Mtc-9 vulnerabilities

5 known vulnerabilities affecting infinera/mtc-9.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-27020P2CRITICALCVSS 9.8≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-27020 [CRITICAL] CWE-306 CVE-2025-27020: Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to ex Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0.
nvd
CVE-2025-27019P3CRITICALCVSS 9.8≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-27019 [CRITICAL] CWE-306 CVE-2025-27019: Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize pas Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
nvd
CVE-2025-26487P3HIGHCVSS 8.6≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-26487 [HIGH] CWE-918 CVE-2025-26487: Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenti Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge.
nvd
CVE-2025-26488P3HIGHCVSS 7.5≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-26488 [HIGH] CWE-20 CVE-2025-26488: Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to cra Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
nvd
CVE-2025-26489P4MEDIUMCVSS 6.5≥ R22.1.1.0275, < R23.02025-12-08
CVE-2025-26489 [MEDIUM] CWE-20 CVE-2025-26489: Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
nvd
Infinera Mtc-9 vulnerabilities | cvebase