VYPR
Vendor

Allied Telesis

Products
9
CVEs
12
Across products
14
Status
Private

Products

9

Recent CVEs

12
  • CVE-2022-38394CriSep 8, 2022
    risk 0.64cvss 9.8epss 0.01

    Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.

  • CVE-2022-38094HigSep 8, 2022
    risk 0.57cvss 8.8epss 0.02

    OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.

  • CVE-2022-35273HigSep 8, 2022
    risk 0.57cvss 8.8epss 0.02

    OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.

  • CVE-2022-34869HigSep 8, 2022
    risk 0.57cvss 8.8epss 0.01

    Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.

  • CVE-2017-2125HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.02

    Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.

  • CVE-2019-18922HigNov 29, 2019
    risk 0.51cvss 7.5epss 0.25

    A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.

  • CVE-2021-31156HigMar 28, 2024
    risk 0.49cvss 7.5epss 0.01

    Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data.

  • CVE-2018-20503MedMay 7, 2019
    risk 0.43cvss 6.1epss 0.04

    Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.

  • CVE-2014-1982Mar 31, 2014
    risk 0.04cvss epss 0.10

    The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

  • CVE-2014-7249Dec 19, 2014
    risk 0.00cvss epss 0.06

    Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM…

  • CVE-2006-6718Dec 23, 2006
    risk 0.00cvss epss 0.01

    The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions.

  • CVE-2006-6717Dec 23, 2006
    risk 0.00cvss epss 0.01

    The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations.