Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2014-1982
Last Modified 31 Mar 2014 01:57:38
Published 31 Mar 2014 10:58:35
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1982

Summary

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

Vulnerable Systems

Operating System

  • Alliedtelesis At-rg634a Firmware 3.3+

  • Alliedtelesis Img616lh Firmware +2.4

  • Alliedtelesis Img624a Firmware 3.5

  • Alliedtelesis Img646bd Firmware 3.5


References

EXPLOIT-DB - 32545

FULLDISC - 20140326 [GTA-2014-01] - Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell.


Last Updated: 27 May 2016 11:04:48