Описание
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.00.047 (исключая)
Одновременно
cpe:2.3:o:alliedtelesis:at-gs950\/8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-gs950\/8:-:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.83925
Высокий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.
EPSS
Процентиль: 99%
0.83925
Высокий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22