CVE-2024-28809 identifies a critical vulnerability in the Infinera hiT 7300 optical transport platform firmware version 5.60.50. The core issue is the cleartext storage of sensitive passwords within the firmware update packages, which contain hardcoded credentials. This insecure design flaw (CWE-312: Cleartext Storage of Sensitive Information and CWE-798: Use of Hard-coded Credentials) allows attackers with access to the firmware update files or the network path to extract these credentials and subsequently access various appliance services without authentication or user interaction. The vulnerability has a CVSS 3.1 base score of 8.8, reflecting its high impact on confidentiality, integrity, and availability. Attackers can leverage these credentials to manipulate device configurations, disrupt network operations, or pivot to other network segments. The vulnerability is remotely exploitable (Attack Vector: Adjacent Network), requires no privileges or user interaction, and affects a critical network infrastructure component widely used in telecommunications. No patches are currently linked, and no known exploits have been reported in the wild, but the risk remains significant due to the nature of the flaw and the criticality of the affected systems.

The impact of CVE-2024-28809 is substantial for organizations relying on Infinera hiT 7300 devices, which are integral to optical transport networks. Exploitation can lead to unauthorized access to sensitive network infrastructure, allowing attackers to alter configurations, intercept or disrupt data flows, and potentially cause widespread network outages. This compromises confidentiality by exposing sensitive credentials and network data, integrity by enabling unauthorized configuration changes, and availability by potentially disrupting service continuity. Given the role of these devices in backbone telecommunications and data center interconnects, the vulnerability poses a risk to service providers, enterprises, and critical infrastructure operators globally. The absence of required authentication and user interaction lowers the barrier for exploitation, increasing the threat level. Organizations may face operational disruptions, financial losses, reputational damage, and regulatory consequences if exploited.

To mitigate CVE-2024-28809, organizations should immediately restrict access to firmware update packages and the management interfaces of Infinera hiT 7300 devices to trusted personnel and networks only. Network segmentation should be enforced to isolate these devices from less secure network zones. Monitoring and logging of access to firmware files and appliance services should be enhanced to detect unauthorized attempts. Since no official patches are currently available, organizations should engage with Infinera support for guidance and prioritize applying any forthcoming firmware updates that address this issue. Additionally, consider implementing compensating controls such as multi-factor authentication on management interfaces where possible, and conduct regular audits of device configurations and credentials. Employing network intrusion detection systems (NIDS) to identify anomalous activity targeting these devices can also help in early detection of exploitation attempts.