An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpe
An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web appl
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating sys
An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credential
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system
.
This issue affects MTC-9: from R22.1.1.
Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows
an attacker to utilize password-less user accounts and obtain
system access by activating a reverse shell.This issue affects
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain variou
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a
reboot of the appliance, thus causing a DoS condition, via crafted XML
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This coul
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authent
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This cou
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42
version R6.1.3 allows an authenticated administrator to make other
management interfaces unavailable via local and n
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and
reboot the appliance, thus causing a DoS condition, via crafted XML
payl
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3
allows remote authenticated users to download all OS files via HTTP
requests.
Details:
Lack or insuffici
Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.
The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration fi
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation lead
Page 1+ Next →