PT-2025-49537 · Infinera · Infinera Mtc-9
Published
2025-12-08
·
Updated
2025-12-22
·
CVE-2025-26489
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Infinera MTC-9 versions R22.1.1.0275 through R23.0
Description
A flaw exists in the Netconf service of Infinera MTC-9 that allows remotely authenticated users to cause a denial-of-service (DoS) condition. This is achieved by sending specially crafted XML payloads, which can crash the service and reboot the appliance. The issue stems from improper input validation.
Recommendations
Update to a version after R23.0.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Infinera Mtc-9