CVE-2021-31156
📋 TL;DR
This vulnerability allows attackers to perform directory traversal attacks on Allied Telesis AT-S115 1.2.0 devices, enabling partial unauthorized access to sensitive data. It affects devices running software before version 1.00.024 with Boot Loader 1.00.006. Network administrators using these specific devices are at risk.
💻 Affected Systems
- Allied Telesis AT-S115 1.2.0
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive configuration files, credentials, or system files, potentially leading to device compromise, network infiltration, or data exfiltration.
Likely Case
Partial data exposure including configuration details, logs, or limited system files that could aid further attacks.
If Mitigated
Limited impact with proper network segmentation and access controls preventing external exploitation.
🎯 Exploit Status
Directory traversal vulnerabilities are typically easy to exploit with publicly available techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Software version 1.00.024 or later
Vendor Advisory: https://www.alliedtelesis.com/en/documents/software-release-notes-s115-v120
Restart Required: Yes
Instructions:
1. Download firmware version 1.00.024 or later from Allied Telesis support portal.
2. Backup current configuration.
3. Upload and install new firmware via web interface or CLI.
4. Reboot device.
5. Verify version update.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to AT-S115 management interfaces to trusted networks only
Access Control Lists
Implement strict firewall rules to limit who can access the device management interface
🧯 If You Can't Patch
- Isolate affected devices in separate VLAN with strict access controls
- Monitor device logs for directory traversal attempts and unauthorized access patterns
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via web interface or CLI. If software version is below 1.00.024 and boot loader is 1.00.006, device is vulnerable.
Check Version:
show version (via CLI) or check System Information in web interface
Verify Fix Applied:
After patching, verify software version is 1.00.024 or higher and boot loader version has been updated.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' sequences
- Unauthorized file access attempts
- Abnormal file read operations
Network Indicators:
- HTTP requests with directory traversal patterns to device management interface
- Unusual file access patterns from external IPs
SIEM Query:
source="AT-S115" AND (http_uri="*../*" OR http_uri="*..\\*" OR http_uri="*%2e%2e%2f*")
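The SIEM query above matches three literal spellings of the traversal sequence. As an added example (not from the original page or the vendor), the Python sketch below decodes and normalizes each request URI before checking for a `..` segment, so mixed-case, double-encoded and backslash variants are caught while names that merely end in two dots are not. The log layout, sample lines and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines. Assumption: requests to the management interface
# are logged (by the device or an upstream proxy) in a common access-log layout.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200',
    '192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET /img/../../file.txt HTTP/1.1" 200',
    '192.0.2.12 - - [01/Jan/2024:10:00:02 +0000] "GET /img/%2E%2e%2Ffile.txt HTTP/1.1" 200',
    '192.0.2.13 - - [01/Jan/2024:10:00:03 +0000] "GET /img/..%5c..%5cfile.txt HTTP/1.1" 404',
    '192.0.2.14 - - [01/Jan/2024:10:00:04 +0000] "GET /img/%252e%252e%252ffile.txt HTTP/1.1" 200',
    '192.0.2.15 - - [01/Jan/2024:10:00:05 +0000] "GET /docs/notes../index.html HTTP/1.1" 200',
    '192.0.2.16 - - [01/Jan/2024:10:00:06 +0000] "GET /view?file=..%2f..%2ffile.txt HTTP/1.1" 200',
]

LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # bound repeated decoding of nested percent-encoding


def normalize(uri: str) -> str:
    """Percent-decode until stable (bounded) and unify path separators."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.replace("\\", "/")


def has_traversal(uri: str) -> bool:
    """True if any path or query-value segment is exactly '..'."""
    return ".." in re.split(r"[/?&=]", normalize(uri))


def scan(lines):
    """Return (source_ip, raw_uri) for each request with a traversal segment."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and has_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for ip, uri in scan(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {uri}")
```

The request for `/docs/notes../index.html` contains the substring `../` and would match a wildcard rule, but it is not flagged here because no segment equals `..`.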
🔗 References
- https://gist.github.com/NitescuLucian/69cf22d17bf190325118304be04828e8
- https://www.alliedtelesis.com/en/documents/software-release-notes-s115-v120
- https://www.alliedtelesis.com/sites/default/files/documents/release-notes/ats115v120srna.pdf