CVE-2014-1982 in iMG646BD
Summary
by MITRE
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
Analysis
by VulDB Data Team • 05/09/2026
The CVE-2014-1982 vulnerability represents a critical authentication bypass flaw in Allied Telesis networking equipment, specifically affecting multiple router models including the AT-RG634A, iMG624A, iMG616LH, and iMG646BD devices. This vulnerability resides within the administrative web interface of these devices, which are commonly deployed in enterprise and residential networking environments. The flaw stems from insufficient access controls and authentication mechanisms within the web-based management interface, allowing unauthenticated remote attackers to directly access privileged administrative functions through a specific endpoint.
The technical exploitation of this vulnerability occurs through a direct HTTP request to the cli.html endpoint within the router's web interface. This endpoint typically provides command-line interface access and administrative functions that should normally be restricted to authenticated administrators only. The vulnerability demonstrates a classic lack of proper input validation and access control checks, enabling attackers to bypass the standard authentication process entirely. This type of flaw aligns with CWE-287, which addresses improper authentication issues in software systems, and represents a significant weakness in the router's security architecture.
From an operational perspective, this vulnerability creates a severe risk for affected networks as it allows remote code execution without requiring any valid credentials or authentication. Attackers can leverage this flaw to gain full administrative control over the affected routers, potentially leading to complete network compromise, data exfiltration, or the establishment of persistent backdoors. The impact extends beyond individual device compromise as these routers often serve as gateways for larger network segments, making them attractive targets for attackers seeking lateral movement within corporate networks. This vulnerability directly maps to ATT&CK technique T1059.001 for command and control operations and T1078 for valid accounts usage, as it enables unauthorized access to administrative functions.
The exploitation of CVE-2014-1982 requires minimal technical skill and can be performed remotely, making it particularly dangerous given how widely these devices are deployed. Network administrators should prioritize immediate remediation of affected devices through firmware updates provided by Allied Telesis, as the vulnerability affects multiple firmware versions across different product lines. Organizations should also implement network segmentation and monitoring to detect potential exploitation attempts, while conducting thorough vulnerability assessments of all Allied Telesis equipment within their environments. The vulnerability underscores the importance of proper authentication mechanisms and access controls in network infrastructure devices, highlighting how insufficient security measures in administrative interfaces can lead to complete system compromise.
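One way to implement the monitoring recommended above is to flag requests for cli.html that reach a router's web interface from outside the management network. This is an added example, not code from VulDB or Allied Telesis; the log format (Common Log Format from a proxy or sensor in front of the device), the MGMT_NETS range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumptions: admin workstations live in MGMT_NETS; logs are Common Log Format
# written by a proxy or sensor in front of the router's web interface.
MGMT_NETS = [ipaddress.ip_network("10.0.99.0/24")]
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    '10.0.99.5 - - [01/Mar/2024:10:00:01 +0000] "GET /cli.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Mar/2024:10:02:13 +0000] "GET /cli.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Mar/2024:10:02:40 +0000] "GET /%43LI.html?x=1 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Mar/2024:10:05:00 +0000] "GET /cli.html HTTP/1.1" 401 0',
    '198.51.100.9 - - [01/Mar/2024:10:05:02 +0000] "GET /index.html HTTP/1.1" 200 900',
]

def is_cli_request(target):
    """True if the request path resolves to cli.html, the endpoint named in the CVE."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # decode repeatedly so double percent-encoding is caught
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    last = path.replace("\\", "/").rstrip("/").rsplit("/", 1)[-1]
    return last.lower() == "cli.html"

def find_cli_hits(lines):
    """Return (severity, src, ts, status) per untrusted cli.html request; HIGH if served (2xx)."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_cli_request(m["target"]):
            continue
        try:
            trusted = any(ipaddress.ip_address(m["src"]) in net for net in MGMT_NETS)
        except ValueError:
            trusted = False  # hostname or malformed source: treat as untrusted
        if not trusted:
            sev = "HIGH" if m["status"].startswith("2") else "INFO"
            hits.append((sev, m["src"], m["ts"], m["status"]))
    return hits

if __name__ == "__main__":
    for hit in find_cli_hits(SAMPLE_LOG):
        print(*hit)
```

A HIGH hit means the page was served to a source outside the management range, which on an affected firmware version warrants treating the device as potentially compromised until reviewed.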