| Title | Buffer overflow vulnerability in multiple Allied Telesis products |
|---|---|
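| Summary | The AR router series and Alliedware-equipped switches provided by Allied Telesis K.K. contain a buffer overflow vulnerability (CWE-788) caused by the processing of the POST method. |
| Possible impacts | Receiving a crafted HTTP request may result in arbitrary code execution. |
| Solution | [Update] Update the firmware based on the information provided by the developer. [Apply a workaround] Applying the following workarounds avoids the impact of this vulnerability: • Disable the HTTP service (command "DISABLE HTTP SERVER") • Restrict access via HTTP |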
| Publication Date | Dec. 18, 2014, midnight |
| Registration Date | Dec. 18, 2014, 12:03 p.m. |
| Last Update | Jan. 28, 2015, 5:20 p.m. |
| CVSS2.0 : High | |
| Score | 10 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Allied Telesis |
| AR440S |
| AR441S |
| AR442S |
| AR745 |
| AR750S |
| AR750S-DP |
| AT-8624POE |
| AT-8624T/2M |
| AT-8648T/2SP |
| AT-8848 |
| AT-9924T |
| CentreCOM 8700SL series |
| CentreCOM 8700XL series (end of support) |
| CentreCOM 8724SL v2 |
| CentreCOM 8948XL series |
| CentreCOM 9812T series (end of support) |
| CentreCOM 9816GB series (end of support) |
| CentreCOM 9924SP (end of support) |
| CentreCOM 9924T/4SP series (end of support) |
| CentreCOM 9924Ts series (end of support) |
| CentreCOM AR300 v2 (end of support) |
| CentreCOM AR300L v2 (end of support) |
| CentreCOM AR320 (end of support) |
| CentreCOM AR410(S) v2 (end of support) |
| CentreCOM AR415S |
| CentreCOM AR450S (end of support) |
| CentreCOM AR550S |
| CentreCOM AR560S |
| CentreCOM AR570S |
| CentreCOM AR720(S) (end of support) |
| CentreCOM AR740(S) (end of support) |
| Rapier 48i |
| SwitchBlade4000 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [Dec. 18, 2014] Published [Dec. 22, 2014] References: added National Vulnerability Database (NVD) (CVE-2014-7249) [Jan. 28, 2015] Affected systems: content updated | Feb. 17, 2018, 10:37 a.m. |
| Summary | Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request. |
|---|---|
| Publication Date | Dec. 19, 2014, 8:59 p.m. |
| Registration Date | Jan. 26, 2021, 3:18 p.m. |
| Last Update | Nov. 21, 2024, 11:16 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:centrecom_ar415s_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:centrecom_ar415s:*:*:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:at-8624t\/2m_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:at-8624t\/2m:*:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:ar442s_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:ar442s:-:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:at-9924t_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:at-9924t:*:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:at-8848_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:at-8848:*:*:*:*:*:*:*:* | |||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:rapier_48i_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:rapier_48i:*:*:*:*:*:*:*:* | |||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:centrecom_ar450s_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:centrecom_ar450s:*:*:*:*:*:*:*:* | |||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:ar745_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:ar745:-:*:*:*:*:*:*:* | |||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:ar441s_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:ar441s:-:*:*:*:*:*:*:* | |||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:centrecom_9924sp_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:centrecom_9924sp:*:*:*:*:*:*:*:* | |||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:switchblade4000_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:switchblade4000:*:*:*:*:*:*:*:* | |||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:at-8624poe_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:at-8624poe:*:*:*:*:*:*:*:* | |||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:centrecom_9924t\/4sp_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:centrecom_9924t\/4sp:*:*:*:*:*:*:*:* | |||||
| Configuration14 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:at-9816gb_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:at-9816gb:*:*:*:*:*:*:*:* | |||||
| Configuration15 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:at-9924ts_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:at-9924ts:*:*:*:*:*:*:*:* | |||||
| Configuration16 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:ar750s_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:ar750s:-:*:*:*:*:*:*:* | |||||
| Configuration17 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:centrecom_ar570s_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:centrecom_ar570s:*:*:*:*:*:*:*:* | |||||
| Configuration18 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:centrecom_8948xl_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:centrecom_8948xl:*:*:*:*:*:*:*:* | |||||
| Configuration19 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:at-8648t\/2sp_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:at-8648t\/2sp:*:*:*:*:*:*:*:* | |||||
| Configuration20 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:centrecom_8700sl_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:centrecom_ar8700sl:*:*:*:*:*:*:*:* | |||||
| Configuration21 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:ar750s-dp_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:ar750s-dp:-:*:*:*:*:*:*:* | |||||
| Configuration22 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:centrecom_ar550s_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:centrecom_ar550s:*:*:*:*:*:*:*:* | |||||
| Configuration23 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:at-8748xl_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:at-8748xl:*:*:*:*:*:*:*:* | |||||
| Configuration24 | or higher | or less | more than | less than | |
| cpe:2.3:o:alliedtelesis:ar440s_firmware:*:*:*:*:*:*:*:* | 2.9.1-20 | ||||
| cpe:2.3:h:alliedtelesis:ar440s:-:*:*:*:*:*:*:* | |||||