CVE-2005-1680 Information

Description

D-Link DSL-502T DSL-504T DSL-562T and DSL-G604T when /cgi-bin/firmwarecfg is executed allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first which causes /var/tmp/fw_ip to be created and contain their IP address.

Reference

http://marc.info/?l=bugtraq&m=111652806030943&w=2 http://www.vupen.com/english/advisories/2005/0573