CVE-2006-5536

Name of the Vulnerable Software and Affected Versions D-Link DSL-G624T firmware version 3.00B01T01.YA-C.20060616

Description A directory traversal issue exists in the cgi-bin/webcm component, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the getpage parameter of the vulnerable API endpoint.

Recommendations For D-Link DSL-G624T firmware version 3.00B01T01.YA-C.20060616, consider restricting access to the cgi-bin/webcm component until a patch is available. As a temporary workaround, avoid using the getpage parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.