MidnightBSD

Advisories for alliedtelesis

CVE-2014-1982 HIGH

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-287,

Products Affected

Vendor Product Version
alliedtelesis at-rg634a -
alliedtelesis img616lh -
alliedtelesis img646bd_firmware 3.5
alliedtelesis at-rg634a_firmware 3.3+
alliedtelesis img616lh_firmware +2.4
alliedtelesis img624a_firmware 3.5
alliedtelesis img624a -
alliedtelesis img646bd -
CVE-2014-7249 HIGH

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
alliedtelesis centrecom_ar450s_firmware *
alliedtelesis ar750s-dp_firmware *
alliedtelesis ar441s_firmware *
alliedtelesis at-9924t_firmware *
alliedtelesis ar442s_firmware *
alliedtelesis at-9816gb_firmware *
alliedtelesis at-8848_firmware *
alliedtelesis at-9924ts_firmware *
alliedtelesis centrecom_ar550s *
alliedtelesis at-8624poe_firmware *
alliedtelesis centrecom_9924t/4sp *
alliedtelesis ar745_firmware *
alliedtelesis at-8748xl_firmware *
alliedtelesis ar440s_firmware *
alliedtelesis centrecom_9924sp_firmware *
alliedtelesis centrecom_8700sl_firmware *
alliedtelesis ar750s -
alliedtelesis ar441s -
alliedtelesis at-9816gb *
alliedtelesis ar745 -
alliedtelesis ar440s -
alliedtelesis centrecom_ar570s *
alliedtelesis rapier_48i_firmware *
alliedtelesis centrecom_ar415s *
alliedtelesis at-8624t/2m_firmware *
alliedtelesis at-9924t *
alliedtelesis at-9924ts *
alliedtelesis centrecom_ar415s_firmware *
alliedtelesis centrecom_9924t/4sp_firmware *
alliedtelesis ar750s_firmware *
alliedtelesis rapier_48i *
alliedtelesis switchblade4000 *
alliedtelesis at-8848 *
alliedtelesis centrecom_ar450s *
alliedtelesis centrecom_9924sp *
alliedtelesis at-8624t/2m *
alliedtelesis centrecom_8948xl_firmware *
alliedtelesis centrecom_ar570s_firmware *
alliedtelesis centrecom_8948xl *
alliedtelesis ar750s-dp -
alliedtelesis centrecom_ar550s_firmware *
alliedtelesis at-8748xl *
alliedtelesis at-8624poe *
alliedtelesis at-8648t/2sp *
alliedtelesis switchblade4000_firmware *
alliedtelesis centrecom_ar8700sl *
alliedtelesis at-8648t/2sp_firmware *
alliedtelesis ar442s -
CVE-2018-20503 MEDIUM

Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
alliedtelesis 8100l/8_firmware -
CVE-2019-18922 HIGH

A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
alliedtelesis at-gs950/8_firmware *