CVE-2025-27026

Medium CVSS: 4.9

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42
version R6.1.3 allows an authenticated administrator to make other
management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but deactivates also Linux Shell, WebGUI and Physical Serial Console access. No
confirmation is asked at deactivation time. Loosing access to these services device administrators are at risk of completely loosing device control.

Vendor

Nokia

Product

G42 Firmware

CWE

CWE-1220

Yayın Tarihi

2025-07-02 14:15:23

Güncelleme

2026-02-11 21:20:38

Source Identifier

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

KEV Date Added

Kategoriler

CWE-1220 G42 Firmware MEDIUM Nokia 2025

Referanslar

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27026 https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27026

Benzer Kayıtlar

High

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote a…

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u…

Medium

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

High

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL…

High

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

Medium

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may r…