PT-2014-7855 · Allied Telesis +1 · AR745 +22

Published: 2014-12-19 · Updated: 2014-12-19 · CVE-2014-7249

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Allied Telesis AR440S versions prior to 2.9.1-21
Allied Telesis AR441S versions prior to 2.9.1-21
Allied Telesis AR442S versions prior to 2.9.1-21
Allied Telesis AR745 versions prior to 2.9.1-21
Allied Telesis AR750S versions prior to 2.9.1-21
Allied Telesis AR750S-DP versions prior to 2.9.1-21
Allied Telesis AT-8624POE versions prior to 2.9.1-21
Allied Telesis AT-8624T/2M versions prior to 2.9.1-21
Allied Telesis AT-8648T/2SP versions prior to 2.9.1-21
Allied Telesis AT-8748XL versions prior to 2.9.1-21
Allied Telesis AT-8848 versions prior to 2.9.1-21
Allied Telesis AT-9816GB versions prior to 2.9.1-21
Allied Telesis AT-9924T versions prior to 2.9.1-21
Allied Telesis AT-9924Ts versions prior to 2.9.1-21
CentreCOM AR415S versions prior to 2.9.1-21
CentreCOM AR450S versions prior to 2.9.1-21
CentreCOM AR550S versions prior to 2.9.1-21
CentreCOM AR570S versions prior to 2.9.1-21
CentreCOM 8700SL versions prior to 2.9.1-21
CentreCOM 8948XL versions prior to 2.9.1-21
CentreCOM 9924SP versions prior to 2.9.1-21
CentreCOM 9924T/4SP versions prior to 2.9.1-21
Rapier 48i versions prior to 2.9.1-21
SwitchBlade4000 versions prior to 2.9.1-21

Description

The issue is a buffer overflow that allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

Recommendations

Update the firmware to version 2.9.1-21 or later on all affected devices. As a temporary workaround, consider restricting access to the HTTP POST request endpoint until the firmware update is applied. Avoid using the vulnerable firmware versions; the issue is resolved by updating to the latest firmware.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2014-7249

Affected Products

8700SL
8948XL
9924SP
9924T/4SP
AR415S
AR440S
AR441S
AR442S
AR450S
AR550S
AR570S
AR745
AR750S
AR750S-DP
AT-8624POE
AT-8624T/2M
AT-8648T/2SP
AT-8748XL
AT-8848
AT-9816GB
AT-9924T
Rapier 48i
SwitchBlade4000