Allied Telesis · At-Gs950/8 · CVE-2019-18922
**Name of the Vulnerable Software and Affected Versions**
Allied Telesis AT-GS950/8 versions prior to Firmware AT-S107 V.1.1.3 [1.00.047]
**Description**
A Directory Traversal issue in the Web interface allows unauthenticated attackers to read arbitrary system files via a GET request. This issue affects an End-of-Life product.
**Recommendations**
For Allied Telesis AT-GS950/8 versions prior to Firmware AT-S107 V.1.1.3 [1.00.047], update to Firmware AT-S107 V.1.1.3 [1.00.047] or later to resolve the issue. As a temporary workaround, consider restricting access to the Web interface until a patch is applied.