.. / CVE-2019-18922

Exploit for Allied Telesis AT-GS950/8 - Local File Inclusion (CVE-2019-18922)

Description:

Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface.

Nuclei Template

View the template here CVE-2019-18922.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-18922.yaml
Copy

References:

http://seclists.org/fulldisclosure/2019/Nov/31
https://pastebin.com/dpEGKUGz
https://nvd.nist.gov/vuln/detail/CVE-2019-18922
https://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html
http://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html