Sign-up

ID

VAR-201403-0243


CVE

CVE-2014-1982


TITLE

plural Allied Telesis Vulnerability gained in router products

Trust: 0.8

sources: JVNDB: JVNDB-2014-001856

DESCRIPTION

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. Allied Telesis AT-RG634A ADSL Broadband route is a broadband router device. Allied Telesis AT-RG634A has a hidden http://<device IP>/cli.html page that allows attackers to connect via HTTP and execute commands in the administrator context. Allied Telesis Multiple Products are prone to an unauthorized-access vulnerability. This may aid in further attacks. The following products are vulnerable: Allied Telesis AT-RG634A firmware versions after 3.3; other versions may also be affected. Allied Telesis AT-iMG624A firmware version 3.5. Allied Telesis AT-iMG616LH firmware versions after 2.4. Allied Telesis AT-iMG646BD firmware version 3.5

Trust: 2.52

sources: NVD: CVE-2014-1982 // JVNDB: JVNDB-2014-001856 // CNVD: CNVD-2014-02054 // BID: 66476 // VULHUB: VHN-69921

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02054

AFFECTED PRODUCTS

vendor:alliedtelesismodel:img616lhscope:eqversion:\+2.4

Trust: 1.6

vendor:alliedtelesismodel:at-rg634ascope:eqversion:3.3\+

Trust: 1.6

vendor:alliedtelesismodel:img646bdscope:eqversion:3.5

Trust: 1.6

vendor:alliedtelesismodel:img624ascope:eqversion:3.5

Trust: 1.6

vendor:alliedtelesismodel:img616lhscope:eqversion: -

Trust: 1.0

vendor:alliedtelesismodel:img646bdscope:eqversion: -

Trust: 1.0

vendor:alliedtelesismodel:img624ascope:eqversion: -

Trust: 1.0

vendor:alliedtelesismodel:at-rg634ascope:eqversion: -

Trust: 1.0

vendor:allied telesismodel:at-img616lhscope: - version: -

Trust: 0.8

vendor:allied telesismodel:at-img616lhscope:eqversion:+2.4

Trust: 0.8

vendor:allied telesismodel:at-img624ascope: - version: -

Trust: 0.8

vendor:allied telesismodel:at-img624ascope:eqversion:3.5

Trust: 0.8

vendor:allied telesismodel:at-img646bdscope: - version: -

Trust: 0.8

vendor:allied telesismodel:at-img646bdscope:eqversion:3.5

Trust: 0.8

vendor:allied telesismodel:at-rg634ascope: - version: -

Trust: 0.8

vendor:allied telesismodel:at-rg634ascope:eqversion:3.3+

Trust: 0.8

vendor:alliedmodel:telesis at-rg634a adsl broadband routescope:eqversion:3.3+

Trust: 0.6

vendor:alliedmodel:telesis at-rg634ascope:eqversion:0

Trust: 0.3

vendor:alliedmodel:telesis at-img646bdscope:eqversion:3.5

Trust: 0.3

vendor:alliedmodel:telesis at-img624ascope:eqversion:3.5

Trust: 0.3

vendor:alliedmodel:telesis at-img616lhscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2014-02054 // BID: 66476 // JVNDB: JVNDB-2014-001856 // CNNVD: CNNVD-201403-592 // NVD: CVE-2014-1982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1982
value: HIGH

Trust: 1.0

NVD: CVE-2014-1982
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-02054
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201403-592
value: CRITICAL

Trust: 0.6

VULHUB: VHN-69921
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-1982
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02054
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-69921
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02054 // VULHUB: VHN-69921 // JVNDB: JVNDB-2014-001856 // CNNVD: CNNVD-201403-592 // NVD: CVE-2014-1982

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-69921 // JVNDB: JVNDB-2014-001856 // NVD: CVE-2014-1982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-592

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201403-592

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001856

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-69921

PATCH
title:End of Sale (Legacy) Productsurl:http://www.alliedtelesis.com/products/legacy
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001856

EXTERNAL IDS
db:NVDid:CVE-2014-1982
Trust: 3.4
db:EXPLOIT-DBid:32545
Trust: 1.7
db:BIDid:66476
Trust: 1.0
db:JVNDBid:JVNDB-2014-001856
Trust: 0.8
db:CNNVDid:CNNVD-201403-592
Trust: 0.7
db:CNVDid:CNVD-2014-02054
Trust: 0.6
db:FULLDISCid:20140326 [GTA-2014-01] - ALLIED TELESIS AT-RG634A ADSL BROADBAND ROUTER HIDDEN ADMINISTRATIVE UNAUTHENTICATED WEBSHELL.
Trust: 0.6
db:SEEBUGid:SSVID-85826
Trust: 0.1
db:PACKETSTORMid:125890
Trust: 0.1
db:VULHUBid:VHN-69921
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-02054 // 
            
            
            
            VULHUB: VHN-69921 // 
            
            
            
            BID: 66476 // 
            
            
            
            JVNDB: JVNDB-2014-001856 // 
            
            
            
            CNNVD: CNNVD-201403-592 // 
            
            
            
            NVD: CVE-2014-1982

REFERENCES
url:http://seclists.org/fulldisclosure/2014/mar/340
Trust: 3.1
url:http://www.exploit-db.com/exploits/32545
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1982
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1982
Trust: 0.8
url:http://www.alliedtelesis.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-02054 // 
            
            
            
            VULHUB: VHN-69921 // 
            
            
            
            BID: 66476 // 
            
            
            
            JVNDB: JVNDB-2014-001856 // 
            
            
            
            CNNVD: CNNVD-201403-592 // 
            
            
            
            NVD: CVE-2014-1982

CREDITS
Sebastian Muniz (topo), Security Researcher of Groundworks Technologies
Trust: 0.3
sources:
            
            
            BID: 66476

SOURCES
db:CNVDid:CNVD-2014-02054
db:VULHUBid:VHN-69921
db:BIDid:66476
db:JVNDBid:JVNDB-2014-001856
db:CNNVDid:CNNVD-201403-592
db:NVDid:CVE-2014-1982

LAST UPDATE DATE
2025-04-13T23:05:15.238000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-02054date:2020-03-10T00:00:00
db:VULHUBid:VHN-69921date:2014-03-31T00:00:00
db:BIDid:66476date:2014-03-26T00:00:00
db:JVNDBid:JVNDB-2014-001856date:2014-04-02T00:00:00
db:CNNVDid:CNNVD-201403-592date:2014-05-05T00:00:00
db:NVDid:CVE-2014-1982date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-02054date:2014-04-01T00:00:00
db:VULHUBid:VHN-69921date:2014-03-31T00:00:00
db:BIDid:66476date:2014-03-26T00:00:00
db:JVNDBid:JVNDB-2014-001856date:2014-04-02T00:00:00
db:CNNVDid:CNNVD-201403-592date:2014-03-31T00:00:00
db:NVDid:CVE-2014-1982date:2014-03-31T14:58:35.803