Vulnerabilities > CVE-2005-1680 - Security Bypass vulnerability in DSL-562T

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

d-link

NVD

Published: 2005-05-20

Updated: 2016-10-18

Summary

D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.

Vulnerable Configurations

Part	Description	Count
Hardware	D-Link D Link DSL 502T * D Link DSL 504T * D Link DSL 562T * D Link DSL G604T *	4

References

http://marc.info/?l=bugtraq&m=111652806030943&w=2
http://www.vupen.com/english/advisories/2005/0573