----------------------------------------------------------------------

TITLE:
D-Link DSL Routers "firmwarecfg" Authentication Bypass

SECUNIA ADVISORY ID:
SA15422

VERIFY ADVISORY:
http://secunia.com/advisories/15422/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, System access

WHERE:
From local network

OPERATING SYSTEM:
D-Link DSL-504T
http://secunia.com/product/5128/
D-Link DSL-G604T
http://secunia.com/product/5127/

DESCRIPTION:
A security issue has been reported in various D-Link DSL routers,
which can be exploited by malicious people to gain unauthorised
access to a vulnerable device.

The problem is caused by an undocumented feature where the
"cgi-bin/firmwarecfg" script grants access to the router to the
first user who requests the script. This can be exploited, for
example, to modify the firmware of the router.

The following routers are reportedly affected:
* DSL-502T
* DSL-504T
* DSL-562T
* DSL-G604T

The security issue has been reported in the following firmware
versions:
* V1.00B01T16.EN.20040211
* V1.00B01T16.EU.20040217
* V0.00B01T04.UK.20040220
* V1.00B01T16.EN.20040226
* V1.00B02T02.EU.20040610
* V1.00B02T02.UK.20040618
* V1.00B02T02.EU.20040729
* V1.00B02T02.DE.20040813
* V1.00B02T02.RU.20041014

SOLUTION:
Restrict access to the web interface.

PROVIDED AND/OR DISCOVERED BY:
Independently discovered by:
* Francesco Orro
* Luis Peralta

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
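One way to monitor for requests to the script named in the advisory while access to the web interface is being restricted. This is an added example, not part of the Secunia advisory or any D-Link tooling. The log layout, the IP addresses, the sample records and the function name are assumptions made for illustration; only the script path comes from the advisory.

```python
import ipaddress
import re

# Path named in the advisory; everything else below is an assumption.
SCRIPT_PATH = "/cgi-bin/firmwarecfg"

# Assumed (constructed) sensor log layout:
#   "<timestamp> <src-ip> -> <dst-ip> <METHOD> <url-path> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

def find_firmwarecfg_requests(lines, router_ips, admin_hosts):
    """Return (timestamp, source, router, method, severity) for each request
    to the script on a listed router. Severity is "alert" when the source is
    not an approved admin host, otherwise "review"."""
    routers = {ipaddress.ip_address(r) for r in router_ips}
    admins = {ipaddress.ip_address(a) for a in admin_hosts}
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line does not fit the assumed layout
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # address field is not a valid IP
        # Normalise before comparing: drop the query string, collapse
        # repeated slashes, and ignore case (conservative over-match).
        path = re.sub(r"/+", "/", m["path"].split("?", 1)[0]).lower()
        if dst in routers and path == SCRIPT_PATH:
            severity = "review" if src in admins else "alert"
            findings.append((m["ts"], str(src), str(dst), m["method"], severity))
    return findings

# Constructed sample records, not taken from any real device or network.
SAMPLE = [
    "2005-05-20T09:00:01Z 192.168.1.10 -> 192.168.1.1 GET /index.html 200",
    "2005-05-20T09:02:13Z 192.168.1.57 -> 192.168.1.1 GET /cgi-bin/firmwarecfg 200",
    "2005-05-20T09:05:40Z 192.168.1.10 -> 192.168.1.1 POST /cgi-bin//firmwarecfg?x=1 200",
    "2005-05-20T09:06:02Z 192.168.1.57 -> 192.168.1.20 GET /cgi-bin/firmwarecfg 404",
    "malformed line",
]

if __name__ == "__main__":
    for finding in find_firmwarecfg_requests(SAMPLE, ["192.168.1.1"], ["192.168.1.10"]):
        print(finding)
```

Requests from an approved admin host are still reported as "review", because the advisory describes access being granted to whichever user requests the script first.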