CVE-2005-1827

D-Link DSL-504T Firmware - Unauthenticated Privilege Escalation via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1827. PoCs published by Francesco Orro.

AI-analyzed exploit summary: This exploit leverages an authentication bypass vulnerability in various D-Link DSL routers by directly accessing the firmware configuration CGI script without credentials. It allows remote attackers to download the config.xml file, potentially exposing sensitive information.

Description

D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrading firmware, restarting the router, or restoring a saved configuration, via a direct request to firmwarecfg.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Francesco Orro · html · remote · hardware
https://www.exploit-db.com/exploits/25684

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: D-Link DSL routers with specific firmware versions (e.g., V1.00B01T16.EN.20040211)
No auth needed
Prerequisites: Network access to the vulnerable D-Link router
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15422
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111722515805478&w=2
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13679

Scores

EPSS 0.1951
EPSS Percentile 97.0%

Details

CWE: CWE-425
Status: published
Products (1)
dlink/dsl-504t_firmware 1.00b01t16.eu.20040217
Published: May 26, 2005
Tracked Since: Feb 18, 2026