Details of VAR-200610-0308

ID

VAR-200610-0308

CVE

CVE-2006-5536

TITLE

D-Link DSL-G624T of cgi-bin/webcm Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2006-001445

DESCRIPTION

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. D-Link DSL-G624T of cgi-bin/webcm Contains a directory traversal vulnerability.By a third party .. A remote attacker can read any file using .. D-Link DSL-G624T devices are prone to a remote information-disclosure vulnerability because the devices fail to properly sanitize user-supplied input. Exploiting this issue allows remote, unauthenticated attackers to gain access to potentially sensitive configuration information from affected devices. This may aid them in further attacks. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: D-Link DSL-G624T Directory Traversal and Cross-Site Scripting SECUNIA ADVISORY ID: SA22524 VERIFY ADVISORY: http://secunia.com/advisories/22524/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Exposure of sensitive information WHERE: >From local network SOFTWARE: D-Link DSL-G624T http://secunia.com/product/12420/ DESCRIPTION: Jose Ramon Palanco has reported some vulnerabilities in D-Link DSL-G624T, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose certain sensitive information. 1) Input passed to the "upnp%3Asettings%2Fstate" and "upnp%3Asettings%2Fconnection" parameters in cgi-bin/webcm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "getpage" parameter in cgi-bin/webcm is not properly verified before being used. The vulnerabilities are reported in firmware version V3.00B01T01.YA-C.20060616. Other versions may also be affected. SOLUTION: Do not visit other web sites while accessing the device and use it only in a trusted network. PROVIDED AND/OR DISCOVERED BY: Jose Ramon Palanco ORIGINAL ADVISORY: http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2006-5536 // JVNDB: JVNDB-2006-001445 // CNVD: CNVD-2006-8128 // BID: 20689 // VULHUB: VHN-21644 // PACKETSTORM: 51318

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-8128

AFFECTED PRODUCTS

vendor:	d link	model:	dsl-g624t	scope:	eq	version:	firmware_3.00b01t01.ya_c.2006-06-16	Trust: 1.6
vendor:	d link	model:	dsl-g624t	scope:	eq	version:	firmware 3.00b01t01.ya-c.20060616	Trust: 0.8
vendor:	dsl g624t	model:	d-link 3.00b01t01.ya c.2006-06-16	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dsl-g624t v3.00b01t01.ya-c.200	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dsl-g624t	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2006-8128 // BID: 20689 // JVNDB: JVNDB-2006-001445 // CNNVD: CNNVD-200610-448 // NVD: CVE-2006-5536

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-5536
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-5536
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2006-8128
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-200610-448
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-21644
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-5536
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2006-8128
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-21644
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2006-8128 // VULHUB: VHN-21644 // JVNDB: JVNDB-2006-001445 // CNNVD: CNNVD-200610-448 // NVD: CVE-2006-5536

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5536

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200610-448

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200610-448

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001445

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-21644

PATCH

title:

Top Page

url:

http://www.dlink.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001445

EXTERNAL IDS

db:	NVD	id:	CVE-2006-5536	Trust: 3.4
db:	BID	id:	20689	Trust: 2.6
db:	SECUNIA	id:	22524	Trust: 1.8
db:	SREASON	id:	1781	Trust: 1.7
db:	VUPEN	id:	ADV-2006-4191	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-001445	Trust: 0.8
db:	CNNVD	id:	CNNVD-200610-448	Trust: 0.7
db:	CNVD	id:	CNVD-2006-8128	Trust: 0.6
db:	BUGTRAQ	id:	20061023 D-LINK DSL-G624T SEVERAL VULNERABILITIES	Trust: 0.6
db:	SEEBUG	id:	SSVID-82392	Trust: 0.1
db:	EXPLOIT-DB	id:	28847	Trust: 0.1
db:	VULHUB	id:	VHN-21644	Trust: 0.1
db:	PACKETSTORM	id:	51318	Trust: 0.1

sources: CNVD: CNVD-2006-8128 // VULHUB: VHN-21644 // BID: 20689 // JVNDB: JVNDB-2006-001445 // PACKETSTORM: 51318 // CNNVD: CNNVD-200610-448 // NVD: CVE-2006-5536

REFERENCES

url:	http://www.securityfocus.com/bid/20689	Trust: 2.3
url:	http://www.eazel.es/advisory005-d-link-dsl-g624t-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html	Trust: 1.8
url:	http://secunia.com/advisories/22524	Trust: 1.7
url:	http://securityreason.com/securityalert/1781	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/449486/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/4191	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5536	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5536	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/449486/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/4191	Trust: 0.6
url:	http://www.dlink.co.uk/?go=gntyp9cgrdfoic4astfcf834mptyko9ztdvhlpg3yv3ovo5+hkltbnlwaafp7dqtfzrqycjg948banfh	Trust: 0.3
url:	/archive/1/449486	Trust: 0.3
url:	/archive/1/467484	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/12420/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/22524/	Trust: 0.1

sources: CNVD: CNVD-2006-8128 // VULHUB: VHN-21644 // BID: 20689 // JVNDB: JVNDB-2006-001445 // PACKETSTORM: 51318 // CNNVD: CNNVD-200610-448 // NVD: CVE-2006-5536

CREDITS

Discovery credited to Jos Ramn Palanco <jose.palanco@eazel.es>.

Trust: 0.6

sources: CNNVD: CNNVD-200610-448

SOURCES

db:	CNVD	id:	CNVD-2006-8128
db:	VULHUB	id:	VHN-21644
db:	BID	id:	20689
db:	JVNDB	id:	JVNDB-2006-001445
db:	PACKETSTORM	id:	51318
db:	CNNVD	id:	CNNVD-200610-448
db:	NVD	id:	CVE-2006-5536

LAST UPDATE DATE

2024-08-14T14:15:39.392000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-8128	date:	2006-10-26T00:00:00
db:	VULHUB	id:	VHN-21644	date:	2018-10-17T00:00:00
db:	BID	id:	20689	date:	2007-05-03T19:19:00
db:	JVNDB	id:	JVNDB-2006-001445	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200610-448	date:	2006-10-30T00:00:00
db:	NVD	id:	CVE-2006-5536	date:	2018-10-17T21:43:45.220

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-8128	date:	2006-10-26T00:00:00
db:	VULHUB	id:	VHN-21644	date:	2006-10-26T00:00:00
db:	BID	id:	20689	date:	2006-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2006-001445	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	51318	date:	2006-10-25T19:47:27
db:	CNNVD	id:	CNNVD-200610-448	date:	2006-10-26T00:00:00
db:	NVD	id:	CVE-2006-5536	date:	2006-10-26T17:07:00