JVNDB-2014-000132

Multiple Allied Telesis products vulnerable to buffer overflow

AR Router Series and Alliedware switches provided by Allied Telesis Group contain a buffer overflow vulnerability (CWE-788) due to a flaw when processing a POST method.

The following products with the firmware version 2.9.1-20 and earlier are affected.

Allied Telesis

• AR440S
• AR441S
• AR442S
• AR745
• AR750S
• AR750S-DP
• AT-8624POE
• AT-8624T/2M
• AT-8648T/2SP
• AT-8848
• AT-9924T
• CentreCOM 8700SL Series
• CentreCOM 8700XL Series (End of Support)
• CentreCOM 8724SL v2
• CentreCOM 8948XL Series
• CentreCOM 9812T Series (End of Support)
• CentreCOM 9816GB Series (End of Support)
• CentreCOM 9924SP (End of Support)
• CentreCOM 9924T/4SP Series (End of Support)
• CentreCOM 9924Ts Series (End of Support)
• CentreCOM AR300 v2 (End of Support)
• CentreCOM AR300L v2 (End of Support)
• CentreCOM AR320 (End of Support)
• CentreCOM AR410(S) v2 (End of Support)
• CentreCOM AR415S
• CentreCOM AR450S (End of Support)
• CentreCOM AR550S
• CentreCOM AR560S
• CentreCOM AR570S
• CentreCOM AR720(S) (End of Support)
• CentreCOM AR740(S) (End of Support)
• Rapier 48i
• SwitchBlade4000

Arbitrary code may be executed when processing a specially crafted HTTP request.

[Update the Firmware]
Update to the latest version according to the information provided by the developer.

[Apply a workaround]
The following workaround may mitigate the affects of this vulnerability.

* Disable HTTP services (use the command "DISABLE HTTP SERVER")
* Restrict HTTP access

Allied Telesis

• Allied Telesis : Allied Telesis Group website (in Japanese)

1. Buffer Errors(CWE-119) [IPA Evaluation]

1. CVE-2014-7249

1. JVN : JVN#22440986
2. National Vulnerability Database (NVD) : CVE-2014-7249
3. IPA SECURITY ALERTS : Security Alert for Multiple Allied Telesis products vulnerable to buffer overflow (JVN#22440986) (in Japanese)

• [2014/12/18]
    Web page was published
  [2014/12/22]
    References : Content was added
  [2015/01/28]
    Affected Products : Products were added