CVE-2019-18922 — AI Deep Analysis Summary

🚨 **Essence**: Path Traversal in Allied Telesis AT-GS950/8 Web Interface. 📉 **Consequences**: Attackers can access files outside restricted directories. Critical risk of sensitive data exposure.

🛡️ **Root Cause**: Improper filtering of special characters in resource/file paths. 🐛 **Flaw**: The system fails to sanitize inputs, allowing directory traversal sequences (e.g., `../`).

🏢 **Vendor**: Allied Telesis (Japan). 📦 **Product**: AT-GS950/8 Switch. ⚠️ **Affected**: Firmware versions **before** 1.00.047 (or AT-S107 V.1.1.3).

💻 **Hackers' Power**: Read arbitrary files from the device. 📂 **Data Risk**: Access configuration files, logs, or potentially credentials stored outside the web root. No execution mentioned, but high info-leak risk.

🔓 **Threshold**: Likely Low-Medium. ⚙️ **Config**: Exploits the **Web Interface**. If the web UI is accessible (even without auth, or with default creds), exploitation is trivial via HTTP requests.

🔍 **Public Exp?**: Yes. 📜 **PoC**: Available via Nuclei templates (ProjectDiscovery) and PacketStorm. 🌐 **Status**: Active proof-of-concept exists; easy to automate.

🔎 **Self-Check**: Scan for the specific Web Interface. 🧪 **Test**: Send crafted HTTP requests with path traversal payloads (`../../etc/passwd` style) to the web UI endpoints. Check for file content in response.

✅ **Fixed?**: Yes. 🛠️ **Patch**: Upgrade firmware to **1.00.047** or later (specifically AT-S107 V.1.1.3+). Contact Allied Telesis for the official update.

🚧 **No Patch?**: 1. Disable the Web Management Interface if not needed. 🔒 2. Restrict access via Firewall/ACLs to trusted IPs only. 3. Change default credentials immediately.

🔥 **Urgency**: HIGH. 🚀 **Priority**: Patch immediately. Since PoCs are public and it affects network infrastructure (switches), the risk of reconnaissance or data theft is significant. Don't wait!