CVE-2014-1982 : The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firm

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

Published 2014-03-31 14:58:36

Updated 2014-03-31 17:57:38

Source JPCERT/CC

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2014-1982

Probability of exploitation activity in the next 30 days: 2.78%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-1982

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2014-1982

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1982

http://seclists.org/fulldisclosure/2014/Mar/340

Full Disclosure: [GTA-2014-01] - Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell.
Exploit
http://www.exploit-db.com/exploits/32545

Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell - Hardware webapps Exploit
Exploit

Products affected by CVE-2014-1982

Alliedtelesis » Img646bd Firmware » Version: 3.5
cpe:2.3:o:alliedtelesis:img646bd_firmware:3.5:*:*:*:*:*:*:*
Matching versions
Alliedtelesis » Img646bd » Version: N/A
cpe:2.3:h:alliedtelesis:img646bd:-:*:*:*:*:*:*:*
Matching versions
Alliedtelesis » At-rg634a Firmware » Version: 3.3+
cpe:2.3:o:alliedtelesis:at-rg634a_firmware:3.3\+:*:*:*:*:*:*:*
Matching versions
Alliedtelesis » At-rg634a » Version: N/A
cpe:2.3:h:alliedtelesis:at-rg634a:-:*:*:*:*:*:*:*
Matching versions
Alliedtelesis » Img624a Firmware » Version: 3.5
cpe:2.3:o:alliedtelesis:img624a_firmware:3.5:*:*:*:*:*:*:*
Matching versions
Alliedtelesis » Img624a » Version: N/A
cpe:2.3:h:alliedtelesis:img624a:-:*:*:*:*:*:*:*
Matching versions
Alliedtelesis » Img616lh Firmware » Version: +2.4
cpe:2.3:o:alliedtelesis:img616lh_firmware:\+2.4:*:*:*:*:*:*:*
Matching versions
Alliedtelesis » Img616lh » Version: N/A
cpe:2.3:h:alliedtelesis:img616lh:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-1982

Exploit prediction scoring system (EPSS) score for CVE-2014-1982

CVSS scores for CVE-2014-1982

CWE ids for CVE-2014-1982

References for CVE-2014-1982

Products affected by CVE-2014-1982