CVE-2006-5537

Name of the Vulnerable Software and Affected Versions D-Link DSL-G624T firmware version 3.00B01T01.YA-C.20060616

Description The issue allows remote attackers to inject arbitrary web script or HTML via the upnp:settings/state or upnp:settings/connection parameters, which can lead to cross-site scripting (XSS) attacks.

Recommendations For D-Link DSL-G624T firmware version 3.00B01T01.YA-C.20060616, consider restricting access to the cgi-bin/webcm endpoint to minimize the risk of exploitation. Avoid using the upnp:settings/state and upnp:settings/connection parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.