Infinera G42 WebGUI CLI Input Validation Vulnerability Allowing Unauthorized OS File Access
Vulnerability
An input validation vulnerability has been identified in the WebGUI CLI management interface of the Infinera G42 appliance, specifically in version R6.1.3. This vulnerability allows remote authenticated users to read all operating system files by sending crafted CLI commands. The issue arises because the web interface permits the execution of a limited set of commands, including the option to run script files already stored on the device. When a non-script file or an incorrect file is requested, the system responds by displaying the file's content along with an error message. Since the HTTP service operates with elevated privileges, this flaw can be exploited to access any file on the filesystem.
Impact
Successful exploitation of this vulnerability could lead to unauthorized access to all OS files on the affected device.
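The behaviour described above (a script-execution command that echoes a non-script file back with its error) can be modelled next to a hardened handler. This is an added example, not Infinera's code: the function names, the `.cli` extension, the `#script` marker and the sample files are all assumptions constructed for illustration.

```python
import os
import tempfile

SCRIPT_SUFFIX = ".cli"   # assumed script extension
SCRIPT_MAGIC = "#script" # assumed first-line marker of a valid script

def run_script_vulnerable(path):
    """Model of the described flaw: any path is opened, and a file that is
    not a valid script is echoed back with the error message."""
    with open(path) as fh:
        body = fh.read()
    if not body.startswith(SCRIPT_MAGIC):
        return "ERROR: invalid script:\n" + body  # file content leaks here
    return "OK"

def run_script_hardened(script_dir, name):
    """Confine the request to script_dir and keep file content out of errors."""
    root = os.path.realpath(script_dir)
    target = os.path.realpath(os.path.join(root, name))
    # realpath resolves ../ and symlinks; reject anything outside root
    if os.path.commonpath([root, target]) != root:
        return "ERROR: script not found"
    if not target.endswith(SCRIPT_SUFFIX) or not os.path.isfile(target):
        return "ERROR: script not found"
    with open(target) as fh:
        first_line = fh.readline()
    if not first_line.startswith(SCRIPT_MAGIC):
        return "ERROR: invalid script"  # generic message, nothing echoed
    return "OK"

def demo():
    """Run both handlers against a constructed directory tree."""
    files = {"secret.conf": "admin_hash=CONSTRUCTED\n",   # stands in for an OS file
             "scripts/ok.cli": "#script\nshow version\n",
             "scripts/notes.cli": "plain text\n"}
    with tempfile.TemporaryDirectory() as base:
        scripts = os.path.join(base, "scripts")
        os.mkdir(scripts)
        for rel, text in files.items():
            with open(os.path.join(base, rel), "w") as fh:
                fh.write(text)
        secret = os.path.join(base, "secret.conf")
        return {"vulnerable": run_script_vulnerable(secret),
                "traversal": run_script_hardened(scripts, "../secret.conf"),
                "absolute": run_script_hardened(scripts, secret),
                "not_a_script": run_script_hardened(scripts, "notes.cli"),
                "valid": run_script_hardened(scripts, "ok.cli")}

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", repr(result))
```

Path confinement and content-free errors limit what the command can reach; the page's point about the HTTP service's elevated privileges is a separate factor that decides how much a handler like the first one exposes.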
