Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper File Access in Infinera G42
Vulnerability Description
The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root. Using Postman it is possible to perform a Directory Traversal attack and write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the same mechanism to read any file from the file system by using the GET method.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
不充分权限或特权的处理不恰当
Vulnerability Title
Infinera G42 安全漏洞
Vulnerability Description
Infinera G42是美国Infinera公司的一款光网络的模块平台。 Infinera G42 R6.1.3版本存在安全漏洞,该漏洞源于目录遍历问题,可能导致文件读写。
CVSS Information
N/A
Vulnerability Type
N/A