Francesco Orro

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-502T D-Link DSL-504T D-Link DSL-562T D-Link DSL-G604T **Description** The issue allows remote attackers to bypass authentication under certain conditions. This can happen in two scenarios: (1) if the attacker's IP address is already present in /var/tmp/fw ip, or (2) if the attacker's request is the first one, which results in the creation of /var/tmp/fw ip containing their IP address. This occurs when the /cgi-bin/firmwarecfg endpoint is executed. **Recommendations** For D-Link DSL-502T, consider restricting access to the /cgi-bin/firmwarecfg endpoint until a fix is available. For D-Link DSL-504T, restrict access to the /cgi-bin/firmwarecfg endpoint to prevent unauthorized access. For D-Link DSL-562T, as a temporary workaround, limit the execution of /cgi-bin/firmwarecfg to trusted IP addresses. For D-Link DSL-G604T, avoid using the /cgi-bin/firmwarecfg endpoint until the issue is resolved.