Описание
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:h:d-link:dsl-502t:*:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dsl-504t:*:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dsl-562t:*:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dsl-g604t:*:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00419
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.
EPSS
Процентиль: 61%
0.00419
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other