10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.013 Low
EPSS
Percentile
86.1%
AR Router Series and Alliedware switches provided by Allied Telesis Group contain a buffer overflow vulnerability (CWE-788) due to a flaw when processing a POST method.
Arbitrary code may be executed when processing a specially crafted HTTP request.
Update the Firmware
Update to the latest version according to the information provided by the developer.
Apply a workaround
The following workaround may mitigate the affects of this vulnerability.
The following products with the firmware version 2.9.1-20 and earlier are affected.
Routers
CentreCOM AR300 v2 (End of Support)
CentreCOM AR300L v2 (End of Support)
CentreCOM AR320 (End of Support)
CentreCOM AR410(S) v2 (End of Support)
CentreCOM AR720(S) (End of Support)
CentreCOM AR740(S) (End of Support)
CentreCOM AR450S (End of Support)
CentreCOM AR415S
CentreCOM AR550S
CentreCOM AR560S
CentreCOM AR570S
AR440S
AR441S
AR442S
AR745
AR750S
AR750S-DP
Switches
CentreCOM 8700XL Series (End of Support)
CentreCOM 9812T Series (End of Support)
CentreCOM 9816GB Series (End of Support)
CentreCOM 9924Ts Series (End of Support)
CentreCOM 9924T/4SP Series (End of Support)
CentreCOM 9924SP (End of Support)
CentreCOM 8700SL Series
CentreCOM 8948XL Series
CentreCOM 8724SLv2
SwitchBlade4000
AT-8624T/2M
AT-8648T/2SP
AT-8624POE
AT-8848
AT-9924T
Rapier 48i