Allied Telesis · iMG624A · CVE-2014-1982
**Name of the Vulnerable Software and Affected Versions**
- Allied Telesis AT-RG634A ADSL Broadband router versions 3.3 and later
- Allied Telesis iMG624A firmware version 3.5
- Allied Telesis iMG616LH firmware version 2.4
- Allied Telesis iMG646BD firmware version 3.5
**Description**
The administrative interface in the affected devices allows remote attackers to gain privileges and execute arbitrary commands via a direct request to "cli.html".
**Recommendations**
- For Allied Telesis AT-RG634A ADSL Broadband router versions 3.3 and later, restrict access to the administrative interface until a fix is available.
- For Allied Telesis iMG624A firmware version 3.5, avoid using the administrative interface until the issue is resolved.
- For Allied Telesis iMG616LH firmware version 2.4, consider disabling remote access to the administrative interface as a temporary workaround.
- For Allied Telesis iMG646BD firmware version 3.5, limit access to the "cli.html" endpoint to minimize the risk of exploitation.