CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1253
https://notcve.org/view.php?id=CVE-2008-1253
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el cgi-bin/webcm del router D-Link DSL-G604T, que permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través del parámetro var:category como se ha demostrado mediante una petición para advanced/portforw.htm a la página "fwan". • http://secunia.com/advisories/29530 http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/28439 https://exchange.xforce.ibmcloud.com/vulnerabilities/41117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2006-2337
https://notcve.org/view.php?id=CVE-2006-2337
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. • http://securitytracker.com/id?1016038 http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securiteam.com/securitynews/5JP0220IKK.html http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26555 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2005-1680
https://notcve.org/view.php?id=CVE-2005-1680
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address. • http://marc.info/?l=bugtraq&m=111652806030943&w=2 http://www.vupen.com/english/advisories/2005/0573 •