CVE-2014-7249

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-7249
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000132 Vendor Advisory
http://jvn.jp/en/jp/JVN22440986/index.html Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:alliedtelesis:centrecom_ar415s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:centrecom_ar415s:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:alliedtelesis:at-8624t\/2m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-8624t\/2m:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:alliedtelesis:ar442s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:ar442s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:alliedtelesis:at-9924t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-9924t:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:alliedtelesis:at-8848_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-8848:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:alliedtelesis:rapier_48i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:rapier_48i:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:alliedtelesis:centrecom_ar450s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:centrecom_ar450s:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:alliedtelesis:ar745_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:ar745:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:alliedtelesis:ar441s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:ar441s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:alliedtelesis:centrecom_9924sp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:centrecom_9924sp:*:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:alliedtelesis:switchblade4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:switchblade4000:*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:alliedtelesis:at-8624poe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-8624poe:*:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:alliedtelesis:centrecom_9924t\/4sp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:centrecom_9924t\/4sp:*:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:alliedtelesis:at-9816gb_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-9816gb:*:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:alliedtelesis:at-9924ts_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-9924ts:*:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:alliedtelesis:ar750s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:ar750s:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:alliedtelesis:centrecom_ar570s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:centrecom_ar570s:*:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:alliedtelesis:centrecom_8948xl_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:centrecom_8948xl:*:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:alliedtelesis:at-8648t\/2sp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-8648t\/2sp:*:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:alliedtelesis:centrecom_8700sl_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:centrecom_ar8700sl:*:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:alliedtelesis:ar750s-dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:ar750s-dp:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:alliedtelesis:centrecom_ar550s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:centrecom_ar550s:*:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:alliedtelesis:at-8748xl_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-8748xl:*:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:alliedtelesis:ar440s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:ar440s:-:*:*:*:*:*:*:*
Information

Published : 2014-12-19 03:59

Updated : 2014-12-19 09:13

NVD link : CVE-2014-7249

Mitre link : CVE-2014-7249

JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa
Products Affected

alliedtelesis

  • switchblade4000_firmware
  • ar750s_firmware
  • at-8848_firmware
  • ar750s-dp
  • centrecom_ar570s
  • ar440s
  • ar745_firmware
  • ar442s
  • at-9924ts
  • centrecom_ar570s_firmware
  • at-9816gb_firmware
  • ar750s-dp_firmware
  • switchblade4000
  • at-8748xl_firmware
  • centrecom_ar415s_firmware
  • ar441s_firmware
  • centrecom_ar550s
  • centrecom_9924sp_firmware
  • centrecom_8948xl_firmware
  • centrecom_8948xl
  • centrecom_9924sp
  • at-9816gb
  • rapier_48i
  • at-8648t\/2sp
  • centrecom_ar415s
  • ar745
  • at-8648t\/2sp_firmware
  • centrecom_ar450s
  • rapier_48i_firmware
  • at-8848
  • at-9924t
  • at-8624poe_firmware
  • ar442s_firmware
  • at-9924ts_firmware
  • ar750s
  • centrecom_9924t\/4sp_firmware
  • centrecom_8700sl_firmware
  • at-8748xl
  • ar440s_firmware
  • at-8624t\/2m
  • at-9924t_firmware
  • centrecom_9924t\/4sp
  • at-8624poe
  • ar441s
  • centrecom_ar8700sl
  • centrecom_ar450s_firmware
  • centrecom_ar550s_firmware
  • at-8624t\/2m_firmware