Jos Ramn Palanco

#19352of 53,635
13.6Total CVSS
Vulnerabilities · 3
Medium
3
PT-2006-6251
5.0
2006-10-26
D Link · Dsl-G624T · CVE-2006-5536
**Name of the Vulnerable Software and Affected Versions** D-Link DSL-G624T firmware version 3.00B01T01.YA-C.20060616 **Description** A directory traversal issue exists in the cgi-bin/webcm component, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the `getpage` parameter of the vulnerable API endpoint. **Recommendations** For D-Link DSL-G624T firmware version 3.00B01T01.YA-C.20060616, consider restricting access to the cgi-bin/webcm component until a patch is available. As a temporary workaround, avoid using the `getpage` parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-6252
4.3
2006-10-26
D Link · D-Link Dsl-G624T · CVE-2006-5537
**Name of the Vulnerable Software and Affected Versions** D-Link DSL-G624T firmware version 3.00B01T01.YA-C.20060616 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `upnp:settings/state` or `upnp:settings/connection` parameters, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For D-Link DSL-G624T firmware version 3.00B01T01.YA-C.20060616, consider restricting access to the `cgi-bin/webcm` endpoint to minimize the risk of exploitation. Avoid using the `upnp:settings/state` and `upnp:settings/connection` parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-4775
4.3
2006-07-31
Zyxel · Zyxel Prestige 660H-61 Adsl Router · CVE-2006-3929
**Name of the Vulnerable Software and Affected Versions** Zyxel Prestige 660H-61 ADSL Router version 3.40(PT.0)b32 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the `a` parameter in the Forms/rpSysAdmin script. **Recommendations** For Zyxel Prestige 660H-61 ADSL Router version 3.40(PT.0)b32, consider restricting access to the Forms/rpSysAdmin script until a patch is available. Avoid using hex-encoded values in the `a` parameter to minimize the risk of exploitation.