CVE-2019-18922
published 2019-11-29


Priority: P2 70 high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: available
EPSS: 24.74% (97.6th percentile)
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.

Affected (1 range)

Vendor          Product                Version range   Fixed in
alliedtelesis   at-gs950_8_firmware    < 1.00.047      1.00.047

Detection & IOCs (extracted from sources)

path: /../../../../../../etc/passwd
yara regex: root:[x*]:0:0
  • Detect unauthenticated HTTP GET requests containing directory traversal sequences targeting /etc/passwd on Allied Telesis AT-GS950/8 web interface.
  • A successful exploit response will return HTTP 200 with content matching the regex 'root:[x*]:0:0', indicating /etc/passwd was read.
  • The traversal payload uses six levels of '../' sequences directly in the URL path: /../../../../../../etc/passwd — no authentication or special headers required.
  • This vulnerability affects Allied Telesis AT-GS950/8 devices only up to firmware AT-S107 V.1.1.3 [1.00.047]; the product is End-of-Life.
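As an added detection example (not from the record's sources or the vendor), the logic in the bullets above run over a few constructed access-log lines: it flags GET requests whose path resolves through '../' to /etc/passwd, and checks a captured response body against the record's regex. It goes one step beyond the literal payload by percent-decoding the path first, so encoded variants of the same traversal are caught; the log format, field names and 192.0.2.x addresses are constructed for the example.

```python
import re
from urllib.parse import unquote

# Regex from this record's IOC list: the root entry of a leaked /etc/passwd.
PASSWD_RE = re.compile(r"root:[x*]:0:0")
# Common Log Format line; group names are ours (see constructed sample below).
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def is_traversal_to_passwd(request_path: str) -> bool:
    """True if the path contains '../' sequences and resolves to /etc/passwd.
    Percent-decoding twice also normalises %2e%2e and double-encoded variants."""
    decoded = unquote(unquote(request_path.split("?", 1)[0])).replace("\\", "/")
    if "../" not in decoded:
        return False
    parts = []  # collapse the path the way a naive file-path join would
    for seg in decoded.split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg and seg != ".":
            parts.append(seg)
    return "/" + "/".join(parts) == "/etc/passwd"

def scan_access_log(lines):
    """Return (source, path, status) for GET requests matching the traversal IOC.
    A 200 status is the record's indicator that the file was actually read."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("method") == "GET" and is_traversal_to_passwd(m.group("path")):
            hits.append((m.group("src"), m.group("path"), int(m.group("status"))))
    return hits

def response_indicates_passwd(body: str) -> bool:
    """True if a captured response body matches the record's YARA-style regex."""
    return PASSWD_RE.search(body) is not None

# Constructed sample log lines (not real traffic); 192.0.2.0/24 is documentation space.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Nov/2019:10:00:01 +0000] "GET /../../../../../../etc/passwd HTTP/1.1" 200 1834',
    '192.0.2.10 - - [29/Nov/2019:10:00:02 +0000] "GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1834',
    '192.0.2.11 - - [29/Nov/2019:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.12 - - [29/Nov/2019:10:00:04 +0000] "POST /login.cgi HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for src, path, status in scan_access_log(SAMPLE_LOG):
        print(f"traversal to /etc/passwd from {src}: {path} -> HTTP {status}")
```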

CVSS provenance

nvd v3.1: 7.5 HIGH  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd v2.0: 7.8 HIGH  AV:N/AC:L/Au:N/C:C/I:N/A:N