CVE-2007-5383

Name of the Vulnerable Software and Affected Versions: Thomson/Alcatel SpeedTouch 7G router versions 6.2.6.B and earlier

Description: The issue allows remote attackers on an intranet to bypass authentication and gain administrative access. This can be achieved via vectors including a '/' (slash) character at the end of the PATH INFO to cgi/b. Additionally, remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability.

Recommendations: For versions 6.2.6.B and earlier, as a temporary workaround, consider restricting access to the cgi/b endpoint to minimize the risk of exploitation. Avoid using the '/' character at the end of the PATH INFO to prevent bypassing authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.