Authentication Bypass in D-Link DSL Routers
CVE-2005-1680
Currently unrated
What is CVE-2005-1680?
Certain D-Link DSL routers, including models DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, are susceptible to an authentication bypass vulnerability. This occurs when an attacker executes the /cgi-bin/firmwarecfg script under two specific conditions: either if their IP address is already present in the /var/tmp/fw_ip file or if their request is the first made, which leads to the creation of the /var/tmp/fw_ip file containing their IP address. This flaw allows unauthorized access to the router's configuration, potentially enabling remote attackers to alter settings without proper authentication.