CVE-2014-7249

EPSS 8.45%
Published 19.12.2014 11:59:01
Last modified 12.04.2025 10:46:40
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Alliedtelesis ≫ Centrecom Ar415s Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Centrecom Ar415s

Alliedtelesis ≫ Ar442s Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Ar442s Version-

Alliedtelesis ≫ At-9924t Firmware Version <= 2.9.1-20

Alliedtelesis ≫ At-9924t

Alliedtelesis ≫ At-8848 Firmware Version <= 2.9.1-20

Alliedtelesis ≫ At-8848

Alliedtelesis ≫ Rapier 48i Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Rapier 48i

Alliedtelesis ≫ Centrecom Ar450s Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Centrecom Ar450s

Alliedtelesis ≫ Ar745 Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Ar745 Version-

Alliedtelesis ≫ Ar441s Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Ar441s Version-

Alliedtelesis ≫ Centrecom 9924sp Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Centrecom 9924sp

Alliedtelesis ≫ Switchblade4000 Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Switchblade4000

Alliedtelesis ≫ At-8624poe Firmware Version <= 2.9.1-20

Alliedtelesis ≫ At-8624poe

Alliedtelesis ≫ At-9816gb Firmware Version <= 2.9.1-20

Alliedtelesis ≫ At-9816gb

Alliedtelesis ≫ At-9924ts Firmware Version <= 2.9.1-20

Alliedtelesis ≫ At-9924ts

Alliedtelesis ≫ Ar750s Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Ar750s Version-

Alliedtelesis ≫ Centrecom Ar570s Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Centrecom Ar570s

Alliedtelesis ≫ Centrecom 8948xl Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Centrecom 8948xl

Alliedtelesis ≫ Centrecom 8700sl Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Centrecom Ar8700sl

Alliedtelesis ≫ Ar750s-dp Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Ar750s-dp Version-

Alliedtelesis ≫ Centrecom Ar550s Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Centrecom Ar550s

Alliedtelesis ≫ At-8748xl Firmware Version <= 2.9.1-20

Alliedtelesis ≫ At-8748xl

Alliedtelesis ≫ Ar440s Firmware Version <= 2.9.1-20

Alliedtelesis ≫ Ar440s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.45%	0.919

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://jvn.jp/en/jp/JVN22440986/index.html

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000132

Vendor Advisory

http://www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-7249

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7249

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7249

EUVD