CVE-2005-1827

D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
References
Link Resource
http://marc.info/?l=bugtraq&m=111722515805478&w=2 Third Party Advisory
http://secunia.com/advisories/15422 Broken Link
http://www.securityfocus.com/bid/13679 Broken Link Third Party Advisory VDB Entry
http://marc.info/?l=bugtraq&m=111722515805478&w=2 Third Party Advisory
http://secunia.com/advisories/15422 Broken Link
http://www.securityfocus.com/bid/13679 Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dsl-504t_firmware:1.00b01t16.eu.20040217:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-504t:-:*:*:*:*:*:*:*

History

20 Nov 2024, 23:58

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=111722515805478&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=111722515805478&w=2 - Third Party Advisory
References () http://secunia.com/advisories/15422 - Broken Link () http://secunia.com/advisories/15422 - Broken Link
References () http://www.securityfocus.com/bid/13679 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/13679 - Broken Link, Third Party Advisory, VDB Entry

25 Jan 2024, 21:08

Type Values Removed Values Added
First Time Dlink
Dlink dsl-504t
Dlink dsl-504t Firmware
CPE cpe:2.3:h:d-link:dsl-504t:v1.00b01t16.eu.2004-02-17:*:*:*:*:*:*:* cpe:2.3:o:dlink:dsl-504t_firmware:1.00b01t16.eu.20040217:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-504t:-:*:*:*:*:*:*:*
References (SECUNIA) http://secunia.com/advisories/15422 - (SECUNIA) http://secunia.com/advisories/15422 - Broken Link
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=111722515805478&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=111722515805478&w=2 - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/13679 - (BID) http://www.securityfocus.com/bid/13679 - Broken Link, Third Party Advisory, VDB Entry
CWE NVD-CWE-Other CWE-425

Information

Published : 2005-05-26 04:00

Updated : 2024-11-20 23:58


NVD link : CVE-2005-1827

Mitre link : CVE-2005-1827

CVE.ORG link : CVE-2005-1827


JSON object : View

Products Affected

dlink

  • dsl-504t
  • dsl-504t_firmware
CWE
CWE-425

Direct Request ('Forced Browsing')