ID

VAR-200505-0119


CVE

CVE-2005-1827


TITLE

D-Link DSL router can bypass access authentication vulnerability

Trust: 0.6

sources: CNVD: CNVD-2005-1916

DESCRIPTION

D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrading firmware, restarting the router or restoring a saved configuration, via a direct request to firmwarecfg.

D-Link DSL routers are commonly used in homes and small offices. They have a flaw in user authentication that remote attackers could use to gain unauthorized access to devices. When the CGI /cgi-bin/firmwarecfg is executed, the script checks whether the file fw_ip exists in /var/tmp/. If this file exists, all IP addresses listed in it are allowed to access the device directly without authentication. If this file does not exist, the CGI creates a new file with the requesting address written in it.

If the web configuration console can be accessed from the Internet and no one has called the CGI before, any user can access the router, download the config.xml file containing the user account and password, and then gain access to the private network, modify or replace the router's firmware, and so on.

This issue is due to a failure of the devices to require authentication in certain circumstances. Various D-Link devices with the following firmware revisions are affected by this issue:

- V1.00B01T16.EN.20040211
- V1.00B01T16.EU.20040217
- V0.00B01T04.UK.20040220
- V1.00B01T16.EN.20040226
- V1.00B02T02.EU.20040610
- V1.00B02T02.UK.20040618
- V1.00B02T02.EU.20040729
- V1.00B02T02.DE.20040813
- V1.00B02T02.RU.20041014

Due to the common practice of code reuse, other devices are also likely affected by this issue.

TITLE: D-Link DSL Routers "firmwarecfg" Authentication Bypass

SECUNIA ADVISORY ID: SA15422

VERIFY ADVISORY: http://secunia.com/advisories/15422/

CRITICAL: Moderately critical

IMPACT: Security Bypass, System access

WHERE: From local network

OPERATING SYSTEM:
D-Link DSL-504T http://secunia.com/product/5128/
D-Link DSL-G604T http://secunia.com/product/5127/

DESCRIPTION: A security issue has been reported in various D-Link DSL routers, which can be exploited by malicious people to gain unauthorised access to a vulnerable device. The problem is caused due to an undocumented feature where the "cgi-bin/firmwarecfg" script grants the first user, who requests the script, access to the router. This can e.g. be exploited to modify the firmware of the router.

PROVIDED AND/OR DISCOVERED BY: Independently discovered by:
* Francesco Orro
* Luis Peralta

Trust: 1.89

sources: NVD: CVE-2005-1827 // CNVD: CNVD-2005-1916 // BID: 13679 // VULHUB: VHN-13036 // PACKETSTORM: 37683

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2005-1916

AFFECTED PRODUCTS

vendor: dlink, model: dsl-504t, scope: eq, version: 1.00b01t16.eu.20040217

Trust: 1.0

vendor: none, model: -, scope: -, version: -

Trust: 0.6

vendor: d link, model: dsl-504t, scope: eq, version: v1.00b01t16.eu.2004-02-17

Trust: 0.6

vendor: punto, model: adsl aethra starbridge e-u, scope: -, version: -

Trust: 0.3

vendor: eci, model: telecom b-focus router, scope: eq, version: 312+

Trust: 0.3

vendor: eci, model: telecom b-focus multiport, scope: eq, version: 342+

Trust: 0.3

vendor: eci, model: telecom b-focus combo, scope: eq, version: 322+

Trust: 0.3

vendor: d link, model: dsl-g604t, scope: -, version: -

Trust: 0.3

vendor: d link, model: dsl-562t, scope: -, version: -

Trust: 0.3

vendor: d link, model: dsl-504t, scope: -, version: -

Trust: 0.3

vendor: d link, model: dsl-502t, scope: -, version: -

Trust: 0.3

vendor: d link, model: dsl-500t v1.00b02t02.ru.20050, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2005-1916 // BID: 13679 // CNNVD: CNNVD-200505-1215 // NVD: CVE-2005-1827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1827
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200505-1215
value: HIGH

Trust: 0.6

VULHUB: VHN-13036
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-1827
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-13036
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-13036 // CNNVD: CNNVD-200505-1215 // NVD: CVE-2005-1827

PROBLEMTYPE DATA

problemtype:CWE-425

Trust: 1.0

sources: NVD: CVE-2005-1827

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-1215

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200505-1215

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-13036

EXTERNAL IDS

db: NVD, id: CVE-2005-1827

Trust: 2.6

db: BID, id: 13679

Trust: 2.0

db: SECUNIA, id: 15422

Trust: 1.8

db: CNNVD, id: CNNVD-200505-1215

Trust: 0.7

db: CNVD, id: CNVD-2005-1916

Trust: 0.6

db: BUGTRAQ, id: 20050526 DSL-504T (AND MAYBE MANY OTHER) REMOTE ACCESS WITHOUT PASSWORD BUG

Trust: 0.6

db: SEEBUG, id: SSVID-79341

Trust: 0.1

db: EXPLOIT-DB, id: 25684

Trust: 0.1

db: VULHUB, id: VHN-13036

Trust: 0.1

db: PACKETSTORM, id: 37683

Trust: 0.1

sources: CNVD: CNVD-2005-1916 // VULHUB: VHN-13036 // BID: 13679 // PACKETSTORM: 37683 // CNNVD: CNNVD-200505-1215 // NVD: CVE-2005-1827

REFERENCES

url:http://www.securityfocus.com/bid/13679

Trust: 1.7

url:http://secunia.com/advisories/15422

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=111722515805478&w=2

Trust: 1.0

url:http://marc.theaimsgroup.com/?l=bugtraq&m=111722515805478&w=2

Trust: 0.6

url:http://www.d-link.com/

Trust: 0.3

url:/archive/1/400251

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=111722515805478&w=2

Trust: 0.1

url:http://secunia.com/advisories/15422/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/5127/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/5128/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-13036 // BID: 13679 // PACKETSTORM: 37683 // CNNVD: CNNVD-200505-1215 // NVD: CVE-2005-1827

CREDITS

Francesco Orro <francesco.orro@akhela.com>

Trust: 0.6

sources: CNNVD: CNNVD-200505-1215

SOURCES

db: CNVD, id: CNVD-2005-1916
db: VULHUB, id: VHN-13036
db: BID, id: 13679
db: PACKETSTORM, id: 37683
db: CNNVD, id: CNNVD-200505-1215
db: NVD, id: CVE-2005-1827

LAST UPDATE DATE

2024-08-14T14:35:49.257000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2005-1916, date: 2005-05-20T00:00:00
db: VULHUB, id: VHN-13036, date: 2016-10-18T00:00:00
db: BID, id: 13679, date: 2011-12-20T12:19:00
db: CNNVD, id: CNNVD-200505-1215, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2005-1827, date: 2024-01-25T21:08:43.237

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2005-1916, date: 2005-05-20T00:00:00
db: VULHUB, id: VHN-13036, date: 2005-05-26T00:00:00
db: BID, id: 13679, date: 2005-05-19T00:00:00
db: PACKETSTORM, id: 37683, date: 2005-05-29T20:22:44
db: CNNVD, id: CNNVD-200505-1215, date: 2005-05-26T00:00:00
db: NVD, id: CVE-2005-1827, date: 2005-05-26T04:00:00