CVE-2014-7249

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://jvn.jp/en/jp/JVN22440986/index.html	Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000132	Vendor Advisory
http://www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:alliedtelesis:centrecom_ar415s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar415s:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:alliedtelesis:at-8624t\/2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8624t\/2m:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:alliedtelesis:ar442s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar442s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:alliedtelesis:at-9924t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-9924t:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:alliedtelesis:at-8848_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8848:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:alliedtelesis:rapier_48i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:rapier_48i:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:alliedtelesis:centrecom_ar450s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar450s:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:alliedtelesis:ar745_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar745:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:alliedtelesis:ar441s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar441s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:alliedtelesis:centrecom_9924sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_9924sp:*:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:alliedtelesis:switchblade4000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:switchblade4000:*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:alliedtelesis:at-8624poe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8624poe:*:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:alliedtelesis:centrecom_9924t\/4sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_9924t\/4sp:*:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:alliedtelesis:at-9816gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-9816gb:*:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:alliedtelesis:at-9924ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-9924ts:*:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:alliedtelesis:ar750s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar750s:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:alliedtelesis:centrecom_ar570s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar570s:*:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:alliedtelesis:centrecom_8948xl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_8948xl:*:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:alliedtelesis:at-8648t\/2sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8648t\/2sp:*:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:alliedtelesis:centrecom_8700sl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar8700sl:*:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:alliedtelesis:ar750s-dp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar750s-dp:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:alliedtelesis:centrecom_ar550s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar550s:*:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:alliedtelesis:at-8748xl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8748xl:*:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:alliedtelesis:ar440s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar440s:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-12-19 11:59

Updated : 2024-02-28 12:20

NVD link : CVE-2014-7249

Mitre link : CVE-2014-7249

CVE.ORG link : CVE-2014-7249

JSON object : View

Products Affected

alliedtelesis

at-8748xl
at-8848_firmware
switchblade4000
centrecom_ar450s_firmware
ar442s
centrecom_ar415s_firmware
centrecom_ar550s_firmware
centrecom_9924t\/4sp
at-8648t\/2sp
ar750s-dp_firmware
at-8624t\/2m_firmware
centrecom_ar550s
ar750s-dp
ar745_firmware
ar440s_firmware
centrecom_8948xl
at-9924t_firmware
ar440s
at-8748xl_firmware
at-9924t
centrecom_ar570s_firmware
at-9816gb_firmware
at-9924ts
centrecom_9924sp
centrecom_ar570s
centrecom_9924sp_firmware
ar750s_firmware
centrecom_ar8700sl
at-9816gb
centrecom_8700sl_firmware
at-8648t\/2sp_firmware
at-8624poe
ar750s
ar441s_firmware
ar745
rapier_48i
ar441s
ar442s_firmware
at-8848
rapier_48i_firmware
at-8624poe_firmware
centrecom_ar450s
at-9924ts_firmware
centrecom_8948xl_firmware
centrecom_ar415s
centrecom_9924t\/4sp_firmware
switchblade4000_firmware
at-8624t\/2m

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

10.0 /10