Details of VAR-200505-0693

ID

VAR-200505-0693

CVE

CVE-2005-1680

TITLE

D-Link DSL-502T , DSL-504T , DSL-562T with DSL-G604T Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-1145

DESCRIPTION

D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address. DSL-562T is prone to a security bypass vulnerability

Trust: 1.26

sources: NVD: CVE-2005-1680 // BID: 89959 // VULHUB: VHN-12889

AFFECTED PRODUCTS

vendor:	d link	model:	dsl-562t	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	dsl-504t	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	dsl-g604t	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	dsl-502t	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	dsl-g604t	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	dsl-562t	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	dsl-504t	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	dsl-502t	scope:	-	version:	-	Trust: 0.9

sources: BID: 89959 // CNNVD: CNNVD-200505-1145 // NVD: CVE-2005-1680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1680
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200505-1145
value:	HIGH
Trust: 0.6
VULHUB:	VHN-12889
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-1680
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12889
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12889 // CNNVD: CNNVD-200505-1145 // NVD: CVE-2005-1680

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-1145

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200505-1145

EXTERNAL IDS

db:	NVD	id:	CVE-2005-1680	Trust: 2.0
db:	VUPEN	id:	ADV-2005-0573	Trust: 1.7
db:	CNNVD	id:	CNNVD-200505-1145	Trust: 0.7
db:	BUGTRAQ	id:	20050519 D-LINK DSL ROUTERS AUTHENTICATION BYPASS	Trust: 0.6
db:	BID	id:	89959	Trust: 0.4
db:	VULHUB	id:	VHN-12889	Trust: 0.1

sources: VULHUB: VHN-12889 // BID: 89959 // CNNVD: CNNVD-200505-1145 // NVD: CVE-2005-1680

REFERENCES

url:	http://www.vupen.com/english/advisories/2005/0573	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=111652806030943&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=111652806030943&w=2	Trust: 0.9
url:	http://www.frsirt.com/english/advisories/2005/0573	Trust: 0.6
url:	http://marc.info/?l=bugtraq&m=111652806030943&w=2	Trust: 0.1

sources: VULHUB: VHN-12889 // BID: 89959 // CNNVD: CNNVD-200505-1145 // NVD: CVE-2005-1680

CREDITS

Unknown

Trust: 0.3

sources: BID: 89959

SOURCES

db:	VULHUB	id:	VHN-12889
db:	BID	id:	89959
db:	CNNVD	id:	CNNVD-200505-1145
db:	NVD	id:	CVE-2005-1680

LAST UPDATE DATE

2024-08-14T14:35:48.765000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12889	date:	2016-10-18T00:00:00
db:	BID	id:	89959	date:	2005-05-20T00:00:00
db:	CNNVD	id:	CNNVD-200505-1145	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-1680	date:	2016-10-18T03:21:35.620

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12889	date:	2005-05-20T00:00:00
db:	BID	id:	89959	date:	2005-05-20T00:00:00
db:	CNNVD	id:	CNNVD-200505-1145	date:	2005-05-20T00:00:00
db:	NVD	id:	CVE-2005-1680	date:	2005-05-20T04:00:00