CVE-2014-1982

Alliedtelesis Img646bd Firmware - Authentication Bypass

Title source: rule

Description

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

Exploits (1)

exploitdb WRITEUP

by Groundworks Technologies · textwebappshardware

https://www.exploit-db.com/exploits/32545

View Code ZIP pw:eip

References (2)

[Exploit] http://seclists.org/fulldisclosure/2014/Mar/340

[Exploit] http://www.exploit-db.com/exploits/32545

Scores

EPSS 0.1047

EPSS Percentile 93.1%

Classification

CWE

CWE-78 CWE-287

Status draft

Affected Products (8)

alliedtelesis/img646bd_firmware

alliedtelesis/img646bd

alliedtelesis/at-rg634a_firmware

alliedtelesis/at-rg634a

alliedtelesis/img624a_firmware

alliedtelesis/img624a

alliedtelesis/img616lh_firmware

alliedtelesis/img616lh

Timeline

Published Mar 31, 2014

Tracked Since Feb 18, 2026