Infinera MTC-9 Server-Side Request Forgery Vulnerability
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Infinera MTC-9 version R22.1.1.0275. It allows remote unauthenticated users to access other network resources by sending HTTPS requests through the appliance, which is used as a bridge. The flaw lies in an endpoint exposed by the device's web server: through it, data on internal servers that are not reachable from external networks can be accessed without any authorization.
Impact
Exploitation of this vulnerability could lead to unauthorized access to internal network resources and data, bypassing external network restrictions.
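Because the appliance itself originates the forwarded requests, the bridging shows up in network flow data as connections from the device to internal hosts it has no operational reason to contact. The following detection sketch is an added example, not code from the advisory or the vendor; the flow record format, addresses, egress allowlist and correlation window are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample flow records: time, source, destination, destination port.
SAMPLE_FLOWS = """\
2024-05-01T10:00:00 10.20.0.5 10.20.0.50 514
2024-05-01T10:02:10 198.51.100.7 10.20.0.5 443
2024-05-01T10:02:11 10.20.0.5 10.30.1.15 8443
2024-05-01T10:05:00 10.20.0.9 10.20.0.5 443
2024-05-01T10:09:00 10.20.0.5 10.30.1.20 443
"""

APPLIANCE = ipaddress.ip_address("10.20.0.5")  # assumed management address
ALLOWED = {("10.20.0.50", 514)}                # assumed legitimate egress (syslog)
WINDOW = timedelta(seconds=5)                  # assumed correlation window


def parse(text):
    """Yield (time, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        yield (datetime.fromisoformat(ts), ipaddress.ip_address(src),
               ipaddress.ip_address(dst), int(port))


def find_bridge_flows(text, appliance=APPLIANCE, allowed=ALLOWED, window=WINDOW):
    """Return appliance-initiated flows to internal hosts outside the allowlist,
    each paired with HTTPS clients seen at the appliance within `window` before it."""
    inbound = []   # (time, client) for HTTPS requests received by the appliance
    findings = []
    for ts, src, dst, port in sorted(parse(text), key=lambda r: r[0]):
        if dst == appliance and port == 443:
            inbound.append((ts, src))
        elif src == appliance and dst.is_private and (str(dst), port) not in allowed:
            clients = [str(c) for t, c in inbound
                       if timedelta(0) <= ts - t <= window]
            findings.append({"time": ts.isoformat(), "target": f"{dst}:{port}",
                             "correlated_clients": clients})
    return findings


if __name__ == "__main__":
    for finding in find_bridge_flows(SAMPLE_FLOWS):
        print(finding)
```

A finding with a correlated client is the stronger signal; one without still indicates egress that a default-deny filter on the appliance's outbound traffic would have blocked.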
