Vulnerability Details CVE-2019-18922
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.916
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- http://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html
- http://seclists.org/fulldisclosure/2019/Nov/31
- https://pastebin.com/dpEGKUGz
- http://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html
- http://seclists.org/fulldisclosure/2019/Nov/31
- https://pastebin.com/dpEGKUGz
Products affected by CVE-2019-18922
-
cpe:2.3:h:alliedtelesis:at-gs950/8:-
-
cpe:2.3:o:alliedtelesis:at-gs950/8_firmware:*