CVE-2014-1982

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:alliedtelesis:img646bd_firmware:3.5:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:img646bd:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:alliedtelesis:at-rg634a_firmware:3.3\+:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:at-rg634a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:alliedtelesis:img624a_firmware:3.5:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:img624a:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:alliedtelesis:img616lh_firmware:\+2.4:*:*:*:*:*:*:*
cpe:2.3:h:alliedtelesis:img616lh:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:05

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2014/Mar/340 - Exploit () http://seclists.org/fulldisclosure/2014/Mar/340 - Exploit
References () http://www.exploit-db.com/exploits/32545 - Exploit () http://www.exploit-db.com/exploits/32545 - Exploit

Information

Published : 2014-03-31 14:58

Updated : 2024-11-21 02:05


NVD link : CVE-2014-1982

Mitre link : CVE-2014-1982

CVE.ORG link : CVE-2014-1982


JSON object : View

Products Affected

alliedtelesis

  • img646bd_firmware
  • img624a
  • img646bd
  • img624a_firmware
  • at-rg634a
  • img616lh
  • img616lh_firmware
  • at-rg634a_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-287

Improper Authentication