CVE-2014-7249 - OpenCVE

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Alliedtelesis	Ar750s Firmware Centrecom Ar450s Rapier 48i Firmware At-8624t\/2m Firmware Ar442s Ar441s Centrecom Ar8700sl At-9924ts At-9924ts Firmware Centrecom 8948xl Firmware Centrecom 9924t\/4sp Switchblade4000 Firmware Centrecom Ar415s Centrecom 9924sp Firmware Centrecom Ar450s Firmware Ar442s Firmware At-9816gb Centrecom Ar570s Firmware At-8648t\/2sp At-8648t\/2sp Firmware Ar750s-dp At-9816gb Firmware At-8624poe Ar750s Ar750s-dp Firmware At-8748xl Firmware Centrecom 9924t\/4sp Firmware Centrecom 9924sp Rapier 48i At-8624poe Firmware Centrecom 8948xl Centrecom 8700sl Firmware Ar745 Ar745 Firmware Centrecom Ar550s Firmware At-8748xl Centrecom Ar550s At-8848 Ar441s Firmware Switchblade4000 At-8624t\/2m At-9924t Ar440s Firmware At-9924t Firmware Centrecom Ar415s Firmware Centrecom Ar570s At-8848 Firmware Ar440s

Configuration 1 [-]

AND

cpe:2.3:o:alliedtelesis:centrecom_ar415s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar415s:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:alliedtelesis:at-8624t\/2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8624t\/2m:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:alliedtelesis:ar442s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar442s:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:alliedtelesis:at-9924t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-9924t:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:alliedtelesis:at-8848_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8848:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:alliedtelesis:rapier_48i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:rapier_48i:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:alliedtelesis:centrecom_ar450s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar450s:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:alliedtelesis:ar745_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar745:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:alliedtelesis:ar441s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar441s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:alliedtelesis:centrecom_9924sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_9924sp:*:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:alliedtelesis:switchblade4000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:switchblade4000:*:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:alliedtelesis:at-8624poe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8624poe:*:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:alliedtelesis:centrecom_9924t\/4sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_9924t\/4sp:*:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:alliedtelesis:at-9816gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-9816gb:*:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:alliedtelesis:at-9924ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-9924ts:*:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:alliedtelesis:ar750s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar750s:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:alliedtelesis:centrecom_ar570s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar570s:*:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:alliedtelesis:centrecom_8948xl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_8948xl:*:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:alliedtelesis:at-8648t\/2sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8648t\/2sp:*:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:alliedtelesis:centrecom_8700sl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar8700sl:*:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:alliedtelesis:ar750s-dp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar750s-dp:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:alliedtelesis:centrecom_ar550s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:centrecom_ar550s:*:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:alliedtelesis:at-8748xl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-8748xl:*:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:alliedtelesis:ar440s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:ar440s:-:*:*:*:*:*:*:*

References

Link	Resource
http://jvn.jp/en/jp/JVN22440986/index.html	Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000132	Vendor Advisory
http://www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html	Vendor Advisory