CVE-2014-1982
published 2014-03-31

CVE-2014-1982: The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5…

Priority: P268
Severity: critical
CVSS 2.0 score: 10
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 9.83% (95.0th percentile)
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

Affected

4 ranges
Vendor          Product                  Version range   Fixed in
alliedtelesis   at-rg634a_firmware
alliedtelesis   img616lh_firmware
alliedtelesis   img624a_firmware
alliedtelesis   img646bd_firmware

Detection & IOCs (extracted from sources)

path: /cli.html
url: http://<target>/cli.html
command: system add login eviluser system set user eviluser access superuser
  • Monitor HTTP server logs for unauthenticated GET/POST requests to /cli.html on Allied Telesis routers; any access to this path without prior authentication is indicative of exploitation.
  • Detect direct requests to cli.html from external/untrusted sources; the vulnerability is exploitable remotely without authentication.
  • The vendor workaround restricts management access by IP allowlist; without this control, /cli.html is accessible to any host by default.
  • Firmware version 3.8.05 reportedly addresses the issue, but this was unconfirmed by the researcher at time of disclosure.
  • The AT-RG634A product is end-of-life and no longer supported by Allied Telesis, meaning no official patch will be issued for this device.
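
The log check described in the bullets above, as an added example (not code from the advisory, the researcher or the vendor). It assumes access logs in Common Log Format from a proxy or sensor in front of the router and a hypothetical management allowlist range; the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: hypothetical management range mirroring the vendor's IP allowlist workaround.
MGMT_ALLOWLIST = [ipaddress.ip_network("192.0.2.0/28")]

# Assumption: Common Log Format -> host ident authuser [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.5 - admin [31/Mar/2014:10:00:01 +0000] "GET /cli.html HTTP/1.1" 200 512',
    '203.0.113.77 - - [31/Mar/2014:10:02:13 +0000] "GET /cli.html HTTP/1.1" 200 512',
    '203.0.113.77 - - [31/Mar/2014:10:02:20 +0000] "POST /cli%2ehtml?x=1 HTTP/1.1" 200 64',
    '192.0.2.9 - - [31/Mar/2014:10:05:44 +0000] "GET /cli.html HTTP/1.1" 401 0',
    '198.51.100.4 - - [31/Mar/2014:10:06:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def is_cli_path(target):
    """True when the normalized request path is /cli.html (query and encoding stripped)."""
    if target.startswith("/"):
        target = "/" + target.lstrip("/")  # collapse leading slashes before parsing
    return unquote(urlsplit(target).path).lower() == "/cli.html"

def flag_requests(lines):
    """Return (src, method, status, reasons) for each suspicious /cli.html request."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m or not is_cli_path(m["target"]):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            allowed = any(src in net for net in MGMT_ALLOWLIST)
        except ValueError:
            allowed = False  # logged hostname instead of an IP: treat as untrusted
        reasons = []
        if not allowed:
            reasons.append("source outside management allowlist")
        if m["user"] == "-":
            reasons.append("no authenticated user")
        if reasons:
            findings.append((m["src"], m["method"], m["status"], reasons))
    return findings
```

Calling `flag_requests(SAMPLE_LOG)` returns three findings: the two requests from 203.0.113.77 and the unauthenticated request from inside the allowlist.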