What is CVE-2019-18922?

CVE-2019-18922 is a vulnerability in N/a. Published 2019-11-29.

Is CVE-2019-18922 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-18922

A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.

EPSS: 0.876 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates
StarCrossPortal/scalpel
anonymous364872/Rapier_
apif-review/APIF_
apit-review-account/apit-tool
youcans896768/APIV_

References

pastebin.com/dpEGKUGz (x_refsource_MISC)
20191129 CVE-2019-18922; Directory Traversal; Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] (mailing-list, x_refsource_FULLDISC)
packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traver… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-18922?: CVE-2019-18922 is a vulnerability in N/a. Published 2019-11-29.
Is CVE-2019-18922 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.