Search criteria
2 vulnerabilities found for dsl-504t by dlink
VAR-200505-0120
Vulnerability from variot - Updated: 2024-02-13 22:36D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. DSL-504T is prone to a information disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0120",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dsl-504t",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dsl-504t",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "v1.00b01t16.eu.2004-02-17"
},
{
"model": "dsl-504t v1.00b01t16.eu.2004-",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "89906"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1214"
},
{
"db": "NVD",
"id": "CVE-2005-1828"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:d-link:dsl-504t:v1.00b01t16.eu.2004-02-17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1828"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89906"
}
],
"trust": 0.3
},
"cve": "CVE-2005-1828",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-13037",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1828",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1214",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-13037",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13037"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1214"
},
{
"db": "NVD",
"id": "CVE-2005-1828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. DSL-504T is prone to a information disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1828"
},
{
"db": "BID",
"id": "89906"
},
{
"db": "VULHUB",
"id": "VHN-13037"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1828",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1214",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20050526 DSL-504T (AND MAYBE MANY OTHER) REMOTE ACCESS WITHOUT PASSWORD BUG",
"trust": 0.6
},
{
"db": "BID",
"id": "89906",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-13037",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13037"
},
{
"db": "BID",
"id": "89906"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1214"
},
{
"db": "NVD",
"id": "CVE-2005-1828"
}
]
},
"id": "VAR-200505-0120",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13037"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T22:36:32.929000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1828"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=111722515805478\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111722515805478\u0026w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=111722515805478\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13037"
},
{
"db": "BID",
"id": "89906"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1214"
},
{
"db": "NVD",
"id": "CVE-2005-1828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13037"
},
{
"db": "BID",
"id": "89906"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1214"
},
{
"db": "NVD",
"id": "CVE-2005-1828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-13037"
},
{
"date": "2005-05-26T00:00:00",
"db": "BID",
"id": "89906"
},
{
"date": "2005-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1214"
},
{
"date": "2005-05-26T04:00:00",
"db": "NVD",
"id": "CVE-2005-1828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-13037"
},
{
"date": "2005-05-26T00:00:00",
"db": "BID",
"id": "89906"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1214"
},
{
"date": "2024-02-13T16:17:56.640000",
"db": "NVD",
"id": "CVE-2005-1828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1214"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DSL-504T Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1214"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1214"
}
],
"trust": 0.6
}
}
VAR-200505-0119
Vulnerability from variot - Updated: 2024-01-29 19:25D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. D-Link DSL routers are commonly used routers in homes and small offices.
D-Link DSL routers have problems with user authentication. Remote attackers could use this vulnerability to gain unauthorized access to devices.
When executing CGI / cgi-bin / firmwarecfg, the script checks if the fw_ip file exists in / var / tmp /. If this file exists, all IP addresses listed therein will be allowed to access the device directly without authentication. If this file does not exist, CGI will create a new file with the requested address written in it.
If the web configuration console can be accessed from the Internet and no one has called CGI before, any user can access the router, download the config.xml file containing the user account and password, and cause access to the private network, modify or change the router's firmware Wait. This issue is due to a failure of the devices to require authentication in certain circumstances. Various D-Link devices with the following firmware revisions are affected by this issue: - V1.00B01T16.EN.20040211 - V1.00B01T16.EU.20040217 - V0.00B01T04.UK.20040220 - V1.00B01T16.EN.20040226 - V1.00B02T02.EU.20040610 - V1.00B02T02.UK.20040618 - V1.00B02T02.EU.20040729 - V1.00B02T02.DE.20040813 - V1.00B02T02.RU.20041014 Due to the common practice of code reuse, other devices are also likely affected by this issue.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: D-Link DSL Routers "firmwarecfg" Authentication Bypass
SECUNIA ADVISORY ID: SA15422
VERIFY ADVISORY: http://secunia.com/advisories/15422/
CRITICAL: Moderately critical
IMPACT: Security Bypass, System access
WHERE:
From local network
OPERATING SYSTEM: D-Link DSL-504T http://secunia.com/product/5128/ D-Link DSL-G604T http://secunia.com/product/5127/
DESCRIPTION: A security issue has been reported in various D-Link DSL routers, which can be exploited by malicious people to gain unauthorised access to a vulnerable device.
The problem is caused due to an undocumented feature where the "cgi-bin/firmwarecfg" script grants the first user, who requests the script, access to the router. This can e.g. be exploited to modify the firmware of the router.
PROVIDED AND/OR DISCOVERED BY: Independently discovered by: * Francesco Orro * Luis Peralta
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0119",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dsl-504t",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b01t16.eu.20040217"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dsl-504t",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "v1.00b01t16.eu.2004-02-17"
},
{
"model": "adsl aethra starbridge e-u",
"scope": null,
"trust": 0.3,
"vendor": "punto",
"version": null
},
{
"model": "telecom b-focus router",
"scope": "eq",
"trust": 0.3,
"vendor": "eci",
"version": "312+"
},
{
"model": "telecom b-focus multiport",
"scope": "eq",
"trust": 0.3,
"vendor": "eci",
"version": "342+"
},
{
"model": "telecom b-focus combo",
"scope": "eq",
"trust": 0.3,
"vendor": "eci",
"version": "322+"
},
{
"model": "dsl-g604t",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "dsl-562t",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "dsl-504t",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "dsl-502t",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "dsl-500t v1.00b02t02.ru.20050",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-1916"
},
{
"db": "BID",
"id": "13679"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1215"
},
{
"db": "NVD",
"id": "CVE-2005-1827"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dsl-504t_firmware:1.00b01t16.eu.20040217:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dsl-504t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1827"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francesco Orro\u203b francesco.orro@akhela.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1215"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1827",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-13036",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1827",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1215",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-13036",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13036"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1215"
},
{
"db": "NVD",
"id": "CVE-2005-1827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. D-Link DSL routers are commonly used routers in homes and small offices. \n\n\u00a0D-Link DSL routers have problems with user authentication. Remote attackers could use this vulnerability to gain unauthorized access to devices. \n\n\u00a0When executing CGI / cgi-bin / firmwarecfg, the script checks if the fw_ip file exists in / var / tmp /. If this file exists, all IP addresses listed therein will be allowed to access the device directly without authentication. If this file does not exist, CGI will create a new file with the requested address written in it. \n\n\u00a0If the web configuration console can be accessed from the Internet and no one has called CGI before, any user can access the router, download the config.xml file containing the user account and password, and cause access to the private network, modify or change the router\u0027s firmware Wait. This issue is due to a failure of the devices to require authentication in certain circumstances. \nVarious D-Link devices with the following firmware revisions are affected by this issue:\n- V1.00B01T16.EN.20040211\n- V1.00B01T16.EU.20040217\n- V0.00B01T04.UK.20040220\n- V1.00B01T16.EN.20040226\n- V1.00B02T02.EU.20040610\n- V1.00B02T02.UK.20040618\n- V1.00B02T02.EU.20040729\n- V1.00B02T02.DE.20040813\n- V1.00B02T02.RU.20041014\nDue to the common practice of code reuse, other devices are also likely affected by this issue. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DSL Routers \"firmwarecfg\" Authentication Bypass\n\nSECUNIA ADVISORY ID:\nSA15422\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15422/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nD-Link DSL-504T\nhttp://secunia.com/product/5128/\nD-Link DSL-G604T\nhttp://secunia.com/product/5127/\n\nDESCRIPTION:\nA security issue has been reported in various D-Link DSL routers,\nwhich can be exploited by malicious people to gain unauthorised\naccess to a vulnerable device. \n\nThe problem is caused due to an undocumented feature where the\n\"cgi-bin/firmwarecfg\" script grants the first user, who requests the\nscript, access to the router. This can e.g. be exploited to modify\nthe firmware of the router. \n\nPROVIDED AND/OR DISCOVERED BY:\nIndependently discovered by:\n* Francesco Orro\n* Luis Peralta\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1827"
},
{
"db": "CNVD",
"id": "CNVD-2005-1916"
},
{
"db": "BID",
"id": "13679"
},
{
"db": "VULHUB",
"id": "VHN-13036"
},
{
"db": "PACKETSTORM",
"id": "37683"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-13036",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13036"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1827",
"trust": 2.6
},
{
"db": "BID",
"id": "13679",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "15422",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1215",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2005-1916",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20050526 DSL-504T (AND MAYBE MANY OTHER) REMOTE ACCESS WITHOUT PASSWORD BUG",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-79341",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "25684",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-13036",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "37683",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-1916"
},
{
"db": "VULHUB",
"id": "VHN-13036"
},
{
"db": "BID",
"id": "13679"
},
{
"db": "PACKETSTORM",
"id": "37683"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1215"
},
{
"db": "NVD",
"id": "CVE-2005-1827"
}
]
},
"id": "VAR-200505-0119",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-1916"
},
{
"db": "VULHUB",
"id": "VHN-13036"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-1916"
}
]
},
"last_update_date": "2024-01-29T19:25:08.823000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-425",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1827"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/13679"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/15422"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=111722515805478\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111722515805478\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.3,
"url": "/archive/1/400251"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=111722515805478\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/15422/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5127/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5128/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13036"
},
{
"db": "BID",
"id": "13679"
},
{
"db": "PACKETSTORM",
"id": "37683"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1215"
},
{
"db": "NVD",
"id": "CVE-2005-1827"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2005-1916"
},
{
"db": "VULHUB",
"id": "VHN-13036"
},
{
"db": "BID",
"id": "13679"
},
{
"db": "PACKETSTORM",
"id": "37683"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1215"
},
{
"db": "NVD",
"id": "CVE-2005-1827"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2005-1916"
},
{
"date": "2005-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-13036"
},
{
"date": "2005-05-19T00:00:00",
"db": "BID",
"id": "13679"
},
{
"date": "2005-05-29T20:22:44",
"db": "PACKETSTORM",
"id": "37683"
},
{
"date": "2005-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1215"
},
{
"date": "2005-05-26T04:00:00",
"db": "NVD",
"id": "CVE-2005-1827"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2005-1916"
},
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-13036"
},
{
"date": "2011-12-20T12:19:00",
"db": "BID",
"id": "13679"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1215"
},
{
"date": "2024-01-25T21:08:43.237000",
"db": "NVD",
"id": "CVE-2005-1827"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1215"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DSL router can bypass access authentication vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-1916"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1215"
}
],
"trust": 0.6
}
}