PT-2014-4403 · Allied Telesis · Img624A+3

Sebastian Muniz

Published 2014-03-28 · Updated 2014-03-31

CVE-2014-1982

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Allied Telesis AT-RG634A ADSL Broadband router versions 3.3 and later
Allied Telesis iMG624A firmware version 3.5
Allied Telesis iMG616LH firmware version 2.4
Allied Telesis iMG646BD firmware version 3.5
Description

The administrative interface in the affected devices allows remote attackers to gain privileges and execute arbitrary commands via a direct request to "cli.html".
Recommendations

For Allied Telesis AT-RG634A ADSL Broadband router versions 3.3 and later, restrict access to the administrative interface until a fix is available.
For Allied Telesis iMG624A firmware version 3.5, avoid using the administrative interface until the issue is resolved.
For Allied Telesis iMG616LH firmware version 2.4, consider disabling remote access to the administrative interface as a temporary workaround.
For Allied Telesis iMG646BD firmware version 3.5, limit access to the "cli.html" endpoint to minimize the risk of exploitation.
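While access to the administrative interface is being restricted, operators can watch for direct requests to "cli.html" that did not come from their management network. The script below is an added example, not part of this advisory or of any Allied Telesis software; it assumes the device's HTTP access log is forwarded in Common Log Format, and the log lines and the 10.0.0.0/24 management network are constructed placeholders.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample access-log lines in Common Log Format (not a real capture).
SAMPLE_LOG = """\
10.0.0.5 - - [28/Mar/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [28/Mar/2014:10:01:09 +0000] "GET /cli.html HTTP/1.1" 200 1024
10.0.0.5 - - [28/Mar/2014:10:02:11 +0000] "POST /cli.html HTTP/1.1" 200 311
198.51.100.23 - - [28/Mar/2014:10:03:40 +0000] "GET /CLI.html?cmd=x HTTP/1.1" 403 98
"""

# Assumed management network from which CLI access is legitimate (placeholder value).
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/24")]

# Source, timestamp, method, path and status from a Common Log Format line.
CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_management(src: str) -> bool:
    """True if the source address falls inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_NETS)


def find_cli_requests(log_text: str) -> List[Dict[str, str]]:
    """Return requests for cli.html from outside the management network.

    Path matching is case-insensitive and ignores any query string. A 2xx
    status on such a request means the device served the page to an
    unauthenticated, non-management source; 401/403 means it was blocked.
    """
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        path = m.group("path").split("?", 1)[0]
        if path.lower() != "/cli.html" or is_management(m.group("src")):
            continue
        hits.append({
            "src": m.group("src"), "method": m.group("method"),
            "ts": m.group("ts"), "status": m.group("status"),
            "served": "yes" if m.group("status").startswith("2") else "no",
        })
    return hits
```

Run against the sample, the first external hit was served (status 200) and the second was blocked (403), which is the distinction an operator needs when deciding whether the workaround is in effect.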

Weakness Enumeration

OS Command Injection
Improper Authentication

Related identifiers

CVE-2014-1982

Affected products

At-Rg634A
Img616Lh
Img624A
Img646Bd