CVE-2014-1982

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.exploit-db.com/exploits/32545	Exploit
http://seclists.org/fulldisclosure/2014/Mar/340	Exploit

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:alliedtelesis:img646bd_firmware:3.5:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:img646bd:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:alliedtelesis:at-rg634a_firmware:3.3\+:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:at-rg634a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:alliedtelesis:img624a_firmware:3.5:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:img624a:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:alliedtelesis:img616lh_firmware:\+2.4:*:*:*:*:*:*:*

cpe:2.3:h:alliedtelesis:img616lh:-:*:*:*:*:*:*:*

Information

Published : 2014-03-31 07:58

Updated : 2014-03-31 10:57

NVD link : CVE-2014-1982

Mitre link : CVE-2014-1982

JSON object : View

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-287

Improper Authentication

Advertisement

Products Affected

alliedtelesis

img646bd_firmware
at-rg634a_firmware
img616lh_firmware
img616lh
at-rg634a
img646bd
img624a_firmware
img624a

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.exploit-db.com/exploits/32545", "name": "32545", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "http://seclists.org/fulldisclosure/2014/Mar/340", "name": "20140326 [GTA-2014-01] - Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell.", "tags": ["Exploit"], "refsource": "FULLDISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-78"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-1982", "ASSIGNER": "vultures@jpcert.or.jp"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-03-31T14:58Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:alliedtelesis:img646bd_firmware:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:alliedtelesis:img646bd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:alliedtelesis:at-rg634a_firmware:3.3\\+:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:alliedtelesis:at-rg634a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:alliedtelesis:img624a_firmware:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:alliedtelesis:img624a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:alliedtelesis:img616lh_firmware:\\+2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:alliedtelesis:img616lh:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-03-31T17:57Z"}