D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote malicious users to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
d-link dsl-502t |
||
d-link dsl-g604t |
||
d-link dsl-504t |
||
d-link dsl-562t |