Vulnerability Description
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alliedtelesis | Centrecom Ar415S Firmware | <= 2.9.1-20 |
| Alliedtelesis | Centrecom Ar415S | All versions |
| Alliedtelesis | At-8624T/2M Firmware | <= 2.9.1-20 |
| Alliedtelesis | At-8624T/2M | All versions |
| Alliedtelesis | Ar442S Firmware | <= 2.9.1-20 |
| Alliedtelesis | Ar442S | - |
| Alliedtelesis | At-9924T Firmware | <= 2.9.1-20 |
| Alliedtelesis | At-9924T | All versions |
| Alliedtelesis | At-8848 Firmware | <= 2.9.1-20 |
| Alliedtelesis | At-8848 | All versions |
| Alliedtelesis | Rapier 48I Firmware | <= 2.9.1-20 |
| Alliedtelesis | Rapier 48I | All versions |
| Alliedtelesis | Centrecom Ar450S Firmware | <= 2.9.1-20 |
| Alliedtelesis | Centrecom Ar450S | All versions |
| Alliedtelesis | Ar745 Firmware | <= 2.9.1-20 |
| Alliedtelesis | Ar745 | - |
| Alliedtelesis | Ar441S Firmware | <= 2.9.1-20 |
| Alliedtelesis | Ar441S | - |
| Alliedtelesis | Centrecom 9924Sp Firmware | <= 2.9.1-20 |
| Alliedtelesis | Centrecom 9924Sp | All versions |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN22440986/index.html (Vendor Advisory)
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000132 (Vendor Advisory)
- http://www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html (Vendor Advisory)
FAQ
What is CVE-2014-7249?
CVE-2014-7249 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, Cen...
How severe is CVE-2014-7249?
CVE-2014-7249 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-7249?
Check the references section above for vendor advisories and patch information. Affected products include: Alliedtelesis Centrecom Ar415S Firmware, Alliedtelesis Centrecom Ar415S, Alliedtelesis At-8624T/2M Firmware, Alliedtelesis At-8624T/2M, Alliedtelesis Ar442S Firmware.