Vulnerability Description
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alliedtelesis | Img646Bd Firmware | 3.5 |
| Alliedtelesis | Img646Bd | - |
| Alliedtelesis | At-Rg634A Firmware | 3.3+ |
| Alliedtelesis | At-Rg634A | - |
| Alliedtelesis | Img624A Firmware | 3.5 |
| Alliedtelesis | Img624A | - |
| Alliedtelesis | Img616Lh Firmware | +2.4 |
| Alliedtelesis | Img616Lh | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Mar/340 (Exploit)
- http://www.exploit-db.com/exploits/32545 (Exploit)
FAQ
What is CVE-2014-1982?
CVE-2014-1982 is a vulnerability with a CVSS score of 10.0 (HIGH). The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges a...
How severe is CVE-2014-1982?
CVE-2014-1982 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1982?
Check the references section above for vendor advisories and patch information. Affected products include: Alliedtelesis Img646Bd Firmware, Alliedtelesis Img646Bd, Alliedtelesis At-Rg634A Firmware, Alliedtelesis At-Rg634A, Alliedtelesis Img624A Firmware.