Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by Allied Telesis K.K.
CVE-2022-38394 (GCVE-0-2022-38394)
Vulnerability from nvd – Published: 2022-09-08 07:10 – Updated: 2024-08-03 10:54
VLAI
Summary
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.
Severity
No CVSS data available.
CWE
- Use of hard-coded credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.allied-telesis.co.jp/support/list/faq… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN45473612/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM AR260S V2 |
Affected:
firmware versions prior to Ver.3.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM AR260S V2",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of hard-coded credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:45.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM AR260S V2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.3.3.7"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html",
"refsource": "MISC",
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"name": "https://jvn.jp/en/jp/JVN45473612/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38394",
"datePublished": "2022-09-08T07:10:46.000Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:54:03.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38094 (GCVE-0-2022-38094)
Vulnerability from nvd – Published: 2022-09-08 07:10 – Updated: 2024-08-03 10:45
VLAI
Summary
OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.allied-telesis.co.jp/support/list/faq… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN45473612/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM AR260S V2 |
Affected:
firmware versions prior to Ver.3.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM AR260S V2",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:45.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM AR260S V2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.3.3.7"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html",
"refsource": "MISC",
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"name": "https://jvn.jp/en/jp/JVN45473612/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38094",
"datePublished": "2022-09-08T07:10:45.000Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:45:52.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35273 (GCVE-0-2022-35273)
Vulnerability from nvd – Published: 2022-09-08 07:10 – Updated: 2024-08-03 09:36
VLAI
Summary
OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.allied-telesis.co.jp/support/list/faq… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN45473612/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM AR260S V2 |
Affected:
firmware versions prior to Ver.3.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM AR260S V2",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:43.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-35273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM AR260S V2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.3.3.7"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html",
"refsource": "MISC",
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"name": "https://jvn.jp/en/jp/JVN45473612/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-35273",
"datePublished": "2022-09-08T07:10:43.000Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:36:44.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34869 (GCVE-0-2022-34869)
Vulnerability from nvd – Published: 2022-09-08 07:10 – Updated: 2024-08-03 09:22
VLAI
Summary
Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.
Severity
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.allied-telesis.co.jp/support/list/faq… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN45473612/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM AR260S V2 |
Affected:
firmware versions prior to Ver.3.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM AR260S V2",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:42.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-34869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM AR260S V2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.3.3.7"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html",
"refsource": "MISC",
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"name": "https://jvn.jp/en/jp/JVN45473612/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-34869",
"datePublished": "2022-09-08T07:10:42.000Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2125 (GCVE-0-2017-2125)
Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
Summary
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.
Severity
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.allied-telesis.co.jp/support/list/faq/… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN55121369/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/97249 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM |
Affected:
AR260S V2
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20170330aen.html"
},
{
"name": "JVN#55121369",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN55121369/index.html"
},
{
"name": "97249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "AR260S V2"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20170330aen.html"
},
{
"name": "JVN#55121369",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN55121369/index.html"
},
{
"name": "97249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM",
"version": {
"version_data": [
{
"version_value": "AR260S V2"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20170330aen.html",
"refsource": "MISC",
"url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20170330aen.html"
},
{
"name": "JVN#55121369",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55121369/index.html"
},
{
"name": "97249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2125",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38394 (GCVE-0-2022-38394)
Vulnerability from cvelistv5 – Published: 2022-09-08 07:10 – Updated: 2024-08-03 10:54
VLAI
Summary
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.
Severity
No CVSS data available.
CWE
- Use of hard-coded credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.allied-telesis.co.jp/support/list/faq… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN45473612/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM AR260S V2 |
Affected:
firmware versions prior to Ver.3.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM AR260S V2",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of hard-coded credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:45.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM AR260S V2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.3.3.7"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html",
"refsource": "MISC",
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"name": "https://jvn.jp/en/jp/JVN45473612/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38394",
"datePublished": "2022-09-08T07:10:46.000Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:54:03.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38094 (GCVE-0-2022-38094)
Vulnerability from cvelistv5 – Published: 2022-09-08 07:10 – Updated: 2024-08-03 10:45
VLAI
Summary
OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.allied-telesis.co.jp/support/list/faq… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN45473612/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM AR260S V2 |
Affected:
firmware versions prior to Ver.3.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM AR260S V2",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:45.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM AR260S V2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.3.3.7"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html",
"refsource": "MISC",
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"name": "https://jvn.jp/en/jp/JVN45473612/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38094",
"datePublished": "2022-09-08T07:10:45.000Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:45:52.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35273 (GCVE-0-2022-35273)
Vulnerability from cvelistv5 – Published: 2022-09-08 07:10 – Updated: 2024-08-03 09:36
VLAI
Summary
OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.allied-telesis.co.jp/support/list/faq… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN45473612/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM AR260S V2 |
Affected:
firmware versions prior to Ver.3.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM AR260S V2",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:43.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-35273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM AR260S V2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.3.3.7"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html",
"refsource": "MISC",
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"name": "https://jvn.jp/en/jp/JVN45473612/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-35273",
"datePublished": "2022-09-08T07:10:43.000Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:36:44.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34869 (GCVE-0-2022-34869)
Vulnerability from cvelistv5 – Published: 2022-09-08 07:10 – Updated: 2024-08-03 09:22
VLAI
Summary
Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.
Severity
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.allied-telesis.co.jp/support/list/faq… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN45473612/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM AR260S V2 |
Affected:
firmware versions prior to Ver.3.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM AR260S V2",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:42.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-34869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM AR260S V2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.3.3.7"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html",
"refsource": "MISC",
"url": "https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html"
},
{
"name": "https://jvn.jp/en/jp/JVN45473612/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN45473612/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-34869",
"datePublished": "2022-09-08T07:10:42.000Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2125 (GCVE-0-2017-2125)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
Summary
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.
Severity
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.allied-telesis.co.jp/support/list/faq/… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN55121369/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/97249 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Allied Telesis K.K. | CentreCOM |
Affected:
AR260S V2
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20170330aen.html"
},
{
"name": "JVN#55121369",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN55121369/index.html"
},
{
"name": "97249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CentreCOM",
"vendor": "Allied Telesis K.K.",
"versions": [
{
"status": "affected",
"version": "AR260S V2"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20170330aen.html"
},
{
"name": "JVN#55121369",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN55121369/index.html"
},
{
"name": "97249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CentreCOM",
"version": {
"version_data": [
{
"version_value": "AR260S V2"
}
]
}
}
]
},
"vendor_name": "Allied Telesis K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20170330aen.html",
"refsource": "MISC",
"url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20170330aen.html"
},
{
"name": "JVN#55121369",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55121369/index.html"
},
{
"name": "97249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2125",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}