Privilege elevation vulnerability in CentreCOM AR260S V2
Allied Telesis K.K.
Release 2017.03.30
CentreCOM AR260S v2 has the following vulnerability.
1) Summary of the vulnerability
CentreCOM AR260S v2 has a vulnerability that may allow a user-level account to perform any operation with administrator privileges.
2) Affected Products
All firmware versions of CentreCOM AR260S v2.
3) Impact
CentreCOM AR260S v2 may be attacked through this vulnerability if the password has not been changed from the default, because a user account named "guest" exists in the initial settings.
4) Workarounds
Verify the settings in 4-1 and 4-2 below to protect against attack.
In addition, the workaround in 4-3 prevents attacks from the WAN.
4-1) Change the password of the "guest" account from the default.
The "guest" account password is publicly known. No user account's password should be known to outsiders.
If any account password is known, change it to a password that outsiders cannot know.
4-2) Configure "setting managed client".
This product can designate a management client that holds the configuration privilege. With that setting, access from other clients can be controlled.
4-3) Enable the firewall.
CentreCOM AR260S v2 has a firewall, which is enabled in the default settings. With the firewall enabled, this device is not affected by this vulnerability from the WAN.