Allied Telesis AT-S115 1.2.0 devices, operating on versions prior to 1.00.024 and equipped with Boot Loader version 1.00.006, are susceptible to a Path Traversal vulnerability. This security flaw permits unauthorized users to bypass normal access controls remotely and navigate the device's directory structure to access internal system files directly. Path Traversal attacks, exploit insufficient security validation/sanitization of user-supplied input file paths. By manipulating variables that reference files with dot-dot-slash (../) sequences and similar techniques, attackers can access files and directories stored outside the intended restricted directory. This can lead to information disclosure, unauthorized access, and potentially further system exploitation if sensitive files are exposed. Organizations and individuals using affected versions of Allied Telesis AT-S115 1.2.0 devices are advised to upgrade to latest security supported version to mitigate this vulnerability and protect against potential security breaches.
- CWE-23: Relative Path Traversal: https://cwe.mitre.org/data/definitions/23.html
To exploit this vulnerability, an attacker has to execute the following command over the affected asset web interface:
curl --path-as-is http://<target>/../../../../../../../../../../../../../etc/passwd
- https://www.alliedtelesis.com/en/documents/software-release-notes-s115-v120
- https://www.alliedtelesis.com/sites/default/files/documents/release-notes/ats115v120srna.pdf
This vulnerability has been identified under Bit Sentinel Red Team, which aknowlages the following team as the authors of this finding:
- Daniel Popovici (https://twitter.com/betaflash1)
- Darius Moldovan (https://twitter.com/T3jv1l)
- Lucian Nitescu (https://twitter.com/LucianNitescu)
- Andrei Avadanei (https://twitter.com/AndreiAvadanei)