CVE-2019-18922

HIGH NUCLEI

Allied Telesis AT-GS950/8 - Path Traversal

Title source: llm

Description

A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.

Nuclei Templates (1)

Allied Telesis AT-GS950/8 - Local File Inclusion

HIGHby 0x_Akoko

References (3)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2019/Nov/31

[Third Party Advisory] https://pastebin.com/dpEGKUGz

Scores

CVSS v3 7.5

EPSS 0.8761

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

alliedtelesis/at-gs950\/8_firmware < 1.00.047

Published Nov 29, 2019

Tracked Since Feb 18, 2026