CVE-2014-7249
Allied Telesis AR/AT/CentreCOM/Rapier/SwitchBlade Firmware < 2.9.1-20 - Remote Code Execution via HTTP POST
Title source: llmDescription
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN22440986/index.html
Vendor Advisory x_refsource_confirm
http://www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000132
Scores
EPSS
0.0613
EPSS Percentile
92.6%
Details
CWE
CWE-119
Status
published
Products (48)
alliedtelesis/ar440s
alliedtelesis/ar440s_firmware
< 2.9.1-20
alliedtelesis/ar441s
alliedtelesis/ar441s_firmware
< 2.9.1-20
alliedtelesis/ar442s
alliedtelesis/ar442s_firmware
< 2.9.1-20
alliedtelesis/ar745
alliedtelesis/ar745_firmware
< 2.9.1-20
alliedtelesis/ar750s
alliedtelesis/ar750s-dp
... and 38 more
Published
Dec 19, 2014
Tracked Since
Feb 18, 2026