Lucene search

[email protected]CVE-2014-7249

HistoryDec 19, 2014 - 11:59 a.m.

CVE-2014-7249

2014-12-1911:59:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-7249

buffer overflow

allied telesis

ar440s

ar441s

ar442s

ar745

ar750s

ar750s-dp

at-8624poe

at-8624t/2m

at-8648t/2sp

at-8748xl

at-8848

at-9816gb

at-9924t

at-9924ts

centrecom ar415s

centrecom ar450s

centrecom ar550s

centrecom ar570s

centrecom 8700sl

centrecom 8948xl

centrecom 9924sp

centrecom 9924t/4sp

rapier 48i

switchblade4000

firmware security

http post request

remote code execution

vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.0%

JSON

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

Affected configurations

NVD

Node

alliedtelesiscentrecom_ar415s_firmwareRange≤2.9.1-20

AND

alliedtelesiscentrecom_ar415s

Node

alliedtelesisat-8624t\/2m_firmwareRange≤2.9.1-20

AND

alliedtelesisat-8624t\/2m

Node

alliedtelesisar442s_firmwareRange≤2.9.1-20

AND

alliedtelesisar442sMatch-

Node

alliedtelesisat-9924t_firmwareRange≤2.9.1-20

AND

alliedtelesisat-9924t

Node

alliedtelesisat-8848_firmwareRange≤2.9.1-20

AND

alliedtelesisat-8848

Node

alliedtelesisrapier_48i_firmwareRange≤2.9.1-20

AND

alliedtelesisrapier_48i

Node

alliedtelesiscentrecom_ar450s_firmwareRange≤2.9.1-20

AND

alliedtelesiscentrecom_ar450s

Node

alliedtelesisar745_firmwareRange≤2.9.1-20

AND

alliedtelesisar745Match-

Node

alliedtelesisar441s_firmwareRange≤2.9.1-20

AND

alliedtelesisar441sMatch-

Node

alliedtelesiscentrecom_9924sp_firmwareRange≤2.9.1-20

AND

alliedtelesiscentrecom_9924sp

Node

alliedtelesisswitchblade4000_firmwareRange≤2.9.1-20

AND

alliedtelesisswitchblade4000

Node

alliedtelesisat-8624poe_firmwareRange≤2.9.1-20

AND

alliedtelesisat-8624poe

Node

alliedtelesiscentrecom_9924t\/4sp_firmwareRange≤2.9.1-20

AND

alliedtelesiscentrecom_9924t\/4sp

Node

alliedtelesisat-9816gb_firmwareRange≤2.9.1-20

AND

alliedtelesisat-9816gb

Node

alliedtelesisat-9924ts_firmwareRange≤2.9.1-20

AND

alliedtelesisat-9924ts

Node

alliedtelesisar750s_firmwareRange≤2.9.1-20

AND

alliedtelesisar750sMatch-

Node

alliedtelesiscentrecom_ar570s_firmwareRange≤2.9.1-20

AND

alliedtelesiscentrecom_ar570s

Node

alliedtelesiscentrecom_8948xl_firmwareRange≤2.9.1-20

AND

alliedtelesiscentrecom_8948xl

Node

alliedtelesisat-8648t\/2sp_firmwareRange≤2.9.1-20

AND

alliedtelesisat-8648t\/2sp

Node

alliedtelesiscentrecom_8700sl_firmwareRange≤2.9.1-20

AND

alliedtelesiscentrecom_ar8700sl

Node

alliedtelesisar750s-dp_firmwareRange≤2.9.1-20

AND

alliedtelesisar750s-dpMatch-

Node

alliedtelesiscentrecom_ar550s_firmwareRange≤2.9.1-20

AND

alliedtelesiscentrecom_ar550s

Node

alliedtelesisat-8748xl_firmwareRange≤2.9.1-20

AND

alliedtelesisat-8748xl

Node

alliedtelesisar440s_firmwareRange≤2.9.1-20

AND

alliedtelesisar440sMatch-

CPENameOperatorVersion
alliedtelesis:centrecom_ar415s_firmwarealliedtelesis centrecom ar415s firmwarele2.9.1-20
alliedtelesis:centrecom_ar415salliedtelesis centrecom ar415seq*

CPE	Name	Operator	Version
alliedtelesis:centrecom_ar415s_firmware	alliedtelesis centrecom ar415s firmware	le	2.9.1-20
alliedtelesis:centrecom_ar415s	alliedtelesis centrecom ar415s	eq	*