CVE-2014-1982

Allied Telesis AT-RG634A, iMG624A, iMG616LH, iMG646BD - Unauthenticated Remote Code Execution via CLI Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1982. PoCs published by Groundworks Technologies.

AI-analyzed exploit summary The document describes an unauthenticated OS command injection vulnerability (CVE-2014-1982) in Allied Telesis routers, specifically the hidden /cli.html page allowing admin-level command execution without authentication.

Description

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

Exploits (1)

exploitdb WRITEUP

by Groundworks Technologies · textwebappshardware

https://www.exploit-db.com/exploits/32545

View Code ZIP pw:eip

The document describes an unauthenticated OS command injection vulnerability (CVE-2014-1982) in Allied Telesis routers, specifically the hidden /cli.html page allowing admin-level command execution without authentication.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Allied Telesis AT-RG634A ADSL Broadband router (version 3.3+), iMG624A, iMG616LH, iMG646BD

No auth needed

Prerequisites: Network access to the router's web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/32545

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Mar/340

Scores

EPSS 0.0983

EPSS Percentile 95.0%

Details

CWE

CWE-287 CWE-78

Status published

Products (8)

alliedtelesis/at-rg634a

alliedtelesis/at-rg634a_firmware 3.3\+

alliedtelesis/img616lh

alliedtelesis/img616lh_firmware \+2.4

alliedtelesis/img624a

alliedtelesis/img624a_firmware 3.5

alliedtelesis/img646bd

alliedtelesis/img646bd_firmware 3.5

Published Mar 31, 2014

Tracked Since Feb 18, 2026