EUVD-2025-19697

ID: EUVD-2025-19697

Severity: high

CVSS v4: Not provided

CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CWE: None listed

Source: ENISA

Description

A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine file system that are readable to the user account used to run the httpd service.

Timestamps

Normalized: 2025-12-31T11:32:16Z UTC
Last updated: 2025-12-31T11:29:50Z UTC

References

No references provided.

VulnAI

EUVD-2025-19697

Description

Timestamps

References