Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands.
Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of commands. This feature also offers the option to execute a script-file already present on the target device. When a non-script or incorrect file is specified, the content of the file is shown along with an error message. Due to an execution of the http service with a privileged user all files on the file system can be viewed this way.
Analysis
Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands.
Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of commands. This feature also offers the option to execute a script-file already present on the target device. When a non-script or incorrect file is specified, the content of the file is shown along with an error message. Due to an execution of the http service with a privileged user all files on the file system can be viewed this way.
Technical ContextAI
This vulnerability is classified as Improper Input Validation (CWE-20).
RemediationAI
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
More in G42 Firmware
View allA path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated u
The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low pri
A security vulnerability in SFTP service in Infinera G42 (CVSS 6.5) that allows remote authenticated users. Remediation
A security vulnerability in the WebGUI for CLI deactivation in Infinera G42 (CVSS 4.9) that allows an authenticated admi
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19696