CVE-2014-7249

Summary

CVE	CVE-2014-7249
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-12-19 11:59:00 UTC
Updated	2014-12-19 17:13:00 UTC
Description	Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Alliedtelesis	Ar440s	-	All	All	All
Hardware	Alliedtelesis	Ar440s	-	All	All	All
Operating System	Alliedtelesis	Ar440s Firmware	All	All	All	All
Hardware	Alliedtelesis	Ar441s	-	All	All	All
Hardware	Alliedtelesis	Ar441s	-	All	All	All
Operating System	Alliedtelesis	Ar441s Firmware	All	All	All	All
Hardware	Alliedtelesis	Ar442s	-	All	All	All
Hardware	Alliedtelesis	Ar442s	-	All	All	All
Operating System	Alliedtelesis	Ar442s Firmware	All	All	All	All
Hardware	Alliedtelesis	Ar745	-	All	All	All
Hardware	Alliedtelesis	Ar745	-	All	All	All
Operating System	Alliedtelesis	Ar745 Firmware	All	All	All	All
Hardware	Alliedtelesis	Ar750s	-	All	All	All
Hardware	Alliedtelesis	Ar750s	-	All	All	All
Hardware	Alliedtelesis	Ar750s-dp	-	All	All	All
Hardware	Alliedtelesis	Ar750s-dp	-	All	All	All
Operating System	Alliedtelesis	Ar750s-dp Firmware	All	All	All	All
Operating System	Alliedtelesis	Ar750s Firmware	All	All	All	All
Hardware	Alliedtelesis	At-8624poe	All	All	All	All
Hardware	Alliedtelesis	At-8624poe	All	All	All	All
Operating System	Alliedtelesis	At-8624poe Firmware	All	All	All	All
Hardware	Alliedtelesis	At-8624t/2m	All	All	All	All
Operating System	Alliedtelesis	At-8624t/2m Firmware	All	All	All	All
Hardware	Alliedtelesis	At-8624t/2m	All	All	All	All
Hardware	Alliedtelesis	At-8624t/2m	All	All	All	All
Operating System	Alliedtelesis	At-8624t/2m Firmware	All	All	All	All
Hardware	Alliedtelesis	At-8648t/2sp	All	All	All	All
Operating System	Alliedtelesis	At-8648t/2sp Firmware	All	All	All	All
Hardware	Alliedtelesis	At-8648t/2sp	All	All	All	All
Hardware	Alliedtelesis	At-8648t/2sp	All	All	All	All
Operating System	Alliedtelesis	At-8648t/2sp Firmware	All	All	All	All
Hardware	Alliedtelesis	At-8748xl	All	All	All	All
Hardware	Alliedtelesis	At-8748xl	All	All	All	All
Operating System	Alliedtelesis	At-8748xl Firmware	All	All	All	All
Hardware	Alliedtelesis	At-8848	All	All	All	All
Hardware	Alliedtelesis	At-8848	All	All	All	All
Operating System	Alliedtelesis	At-8848 Firmware	All	All	All	All
Hardware	Alliedtelesis	At-9816gb	All	All	All	All
Hardware	Alliedtelesis	At-9816gb	All	All	All	All
Operating System	Alliedtelesis	At-9816gb Firmware	All	All	All	All
Hardware	Alliedtelesis	At-9924t	All	All	All	All
Hardware	Alliedtelesis	At-9924t	All	All	All	All
Hardware	Alliedtelesis	At-9924ts	All	All	All	All
Hardware	Alliedtelesis	At-9924ts	All	All	All	All
Operating System	Alliedtelesis	At-9924ts Firmware	All	All	All	All
Operating System	Alliedtelesis	At-9924t Firmware	All	All	All	All
Operating System	Alliedtelesis	Centrecom 8700sl Firmware	All	All	All	All
Hardware	Alliedtelesis	Centrecom 8948xl	All	All	All	All
Hardware	Alliedtelesis	Centrecom 8948xl	All	All	All	All
Operating System	Alliedtelesis	Centrecom 8948xl Firmware	All	All	All	All
Hardware	Alliedtelesis	Centrecom 9924sp	All	All	All	All
Hardware	Alliedtelesis	Centrecom 9924sp	All	All	All	All
Operating System	Alliedtelesis	Centrecom 9924sp Firmware	All	All	All	All
Hardware	Alliedtelesis	Centrecom 9924t/4sp	All	All	All	All
Operating System	Alliedtelesis	Centrecom 9924t/4sp Firmware	All	All	All	All
Hardware	Alliedtelesis	Centrecom 9924t/4sp	All	All	All	All
Hardware	Alliedtelesis	Centrecom 9924t/4sp	All	All	All	All
Operating System	Alliedtelesis	Centrecom 9924t/4sp Firmware	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar415s	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar415s	All	All	All	All
Operating System	Alliedtelesis	Centrecom Ar415s Firmware	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar450s	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar450s	All	All	All	All
Operating System	Alliedtelesis	Centrecom Ar450s Firmware	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar550s	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar550s	All	All	All	All
Operating System	Alliedtelesis	Centrecom Ar550s Firmware	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar570s	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar570s	All	All	All	All
Operating System	Alliedtelesis	Centrecom Ar570s Firmware	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar8700sl	All	All	All	All
Hardware	Alliedtelesis	Centrecom Ar8700sl	All	All	All	All
Hardware	Alliedtelesis	Rapier 48i	All	All	All	All
Hardware	Alliedtelesis	Rapier 48i	All	All	All	All
Operating System	Alliedtelesis	Rapier 48i Firmware	All	All	All	All
Hardware	Alliedtelesis	Switchblade4000	All	All	All	All
Hardware	Alliedtelesis	Switchblade4000	All	All	All	All
Operating System	Alliedtelesis	Switchblade4000 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html	CONFIRM	www.allied-telesis.co.jp	Vendor Advisory
JVNDB-2014-000132	JVNDB	jvndb.jvn.jp	Vendor Advisory
JVN#22440986: Multiple Allied Telesis products vulnerable to buffer overflow	JVN	jvn.jp	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.