Vulnerabilites related to dlink - dsr-500n_firmware
Vulnerability from fkie_nvd
Published
2013-12-19 04:24
Modified
2025-04-11 00:51
Severity ?
Summary
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2616EA9D-842A-4C08-BEC0-DD0DE15627C4",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "86F457CD-2B3A-4571-941B-CEEAD52635C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5FB42D-B664-4CD1-A9BE-BEEB3D2455F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "0836B735-04EB-46DA-A5FD-918CF254DC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "C40D5762-D950-4C59-8E60-AD63A5C4F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "CD052065-A62C-4E77-AF30-A7BFE87BEF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "84589477-A03F-4350-8F48-AA65A3E2F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "73B9957F-92B8-471A-90C1-541857228220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19EF7D-8CDD-4640-B272-2B31C6C8DC40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DE0EAD-26FE-4A08-8B3F-94B7B46B3EE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "3EEC400B-B9A7-4672-98BB-57EE722FDDBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2655D2C-0A71-4F14-8CB6-9A8E5B0BA2D2",
"versionEndIncluding": "1.05b48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8875595-6A45-41F4-BD4F-88E4B01987FB",
"versionEndIncluding": "1.08b39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b46:*:*:*:*:*:*:*",
"matchCriteriaId": "4D87E55E-8FB9-46DD-B7E3-0FF5844AACCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b56:*:*:*:*:*:*:*",
"matchCriteriaId": "7054BD9D-2CBD-4EB2-A52C-6EAD0DF16CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b20:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7D6C20-02AB-45C2-8DF6-7406EF4B9E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b53:*:*:*:*:*:*:*",
"matchCriteriaId": "20584156-C553-4AEA-A19C-A4BB67B5390A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.08b31:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB44CCA-AC5E-4169-A4DA-8873C1435C04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83CA3AD5-8BB3-4C52-B1D4-57F24C7E3ECE",
"versionEndIncluding": "1.08b29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b29:*:*:*:*:*:*:*",
"matchCriteriaId": "EDDC40C8-1BB2-4151-BAA4-E28C5AC94654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b35:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB61873-D7C7-400D-AAA3-5F65F459B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b46:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD638F5-3A13-45D2-A343-1733611C5173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b50:*:*:*:*:*:*:*",
"matchCriteriaId": "9A27097B-44CF-47FB-90D1-0D244209E9DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E760B-FBD1-4949-9E7C-35E216094B58",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0478AA5-8740-4458-855A-11804597FA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "A6009D02-5CE9-4D08-8C6A-005F66ED8A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBC6011-8C8A-4EAA-8B6B-933C128E7A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "540C7261-9352-4CF1-BCF8-13615EFB7C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "31C51D13-005D-4CB0-AB05-D38CC4E5096B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3F3332-EEE2-492F-9585-62E4256ECBC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "0DE1C593-B0E7-4715-9AA5-CF7A3A87F05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D1637-5291-45CD-BA6A-B71D9199F0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "25136989-A83E-4C65-A354-8A0E2101EE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "36E387CF-AAE4-4EED-A7E2-6D2FE9B5933F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289208CD-49AB-48A8-AD2E-BF4AFA479990",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.01b50:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA9027F-9EBE-45FB-8128-E1E27F1B12EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "90E36C7E-02A1-4389-A706-B73D6C236E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "D5146B3C-CC4C-49C4-9B8B-BF9FC3E45293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "79117184-9444-443B-9CF8-F4D2E19413A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92EB60-B33E-4653-BE5B-449DC18E073F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE86995-60E0-4F50-A008-EBB227CC4207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6BA51E-FCC6-4BCC-A4FF-AF49602C6D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "484A7789-9A84-4E01-B7C8-97FC769D21AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "592C6173-8084-4857-AD6A-DDF9F66CE881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "A8025D5C-331B-4A62-9A0D-29EA63E7AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "2987ACFB-FE89-4901-8A64-B5B61F4D4EE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F360917-0D86-4B7C-8699-EAE3A5155DAD",
"versionEndIncluding": "1.08b39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b46:*:*:*:*:*:*:*",
"matchCriteriaId": "91015BD6-F1EF-4E77-991E-5A895DF204FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b56:*:*:*:*:*:*:*",
"matchCriteriaId": "36443128-6668-4FB6-9B96-1C695EB5B0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b20:*:*:*:*:*:*:*",
"matchCriteriaId": "11E46972-D923-4AB7-BC2E-49D9DBC65202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b53:*:*:*:*:*:*:*",
"matchCriteriaId": "71900351-AF65-4AFB-A77E-361075583F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.08b31:*:*:*:*:*:*:*",
"matchCriteriaId": "0540F822-7F53-4282-A480-6E4A15994AF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6B7598-20C1-4F1A-BFA8-16C66D210216",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.01b50:*:*:*:*:*:*:*",
"matchCriteriaId": "6F9A4E2D-8F74-4CD3-85F0-5DA4749B0F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA26493-2F60-41C1-9563-75FAA116DBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5BA908-B289-4917-8AE3-E57DACB93501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B94BCF9-13FC-4930-92A4-6AF97699672B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AED08D-47B4-4A13-8291-2E49AEB1B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "2904D8F1-633D-4DF8-9808-2961998CE510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "FE195794-EDE9-477A-9934-8CE2ED1B19E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8C2F15-6867-4647-9D2F-8F3D9F3054DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF08CD6-A360-4291-8159-DB2A07B8F2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDBCCF6-71B8-45A8-86C4-97B622793179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0BFC1A-B6DF-4D2E-9DD9-566E20CAD172",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username."
},
{
"lang": "es",
"value": "D-Link DSR-150 con firmware anterior a 1.08B44; DSR-150N con firmware anterior a 1.05B64; DSR-250 y DSR-250N con firmware anterior a 1.08B44; y DSR-500, DSR-500N, DSR-1000, y DSR-1000N con firmware anterior a 1.08B77 tienen incrustado el nombre de usuario gkJ9232xXyruTRmY, lo cual facilita a atacantes remotos obtener acceso aprovechando el conocimiento del nombre de usuario."
}
],
"id": "CVE-2013-7004",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-19T04:24:57.463",
"references": [
{
"source": "cve@mitre.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/30061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-23 22:15
Modified
2024-11-21 06:19
Severity ?
Summary
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235 | Vendor Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
| cve@mitre.org | https://www.nussko.com/advisories/advisory-2021-08-02.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nussko.com/advisories/advisory-2021-08-02.txt | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsr-500n_firmware | 1.02 | |
| dlink | dsr-500n | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF65935-9549-4B3E-87D1-0B6256F09A56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the \u0027/etc/passwd\u0027 file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** D-Link DSR-500N versi\u00f3n 1.02, contiene credenciales embebidas para cuentas de usuario no documentadas en el archivo \"/etc/passwd\".Si un atacante logra recuperar la contrase\u00f1a en texto sin cifrar del valor hash identificado, podr\u00e1 iniciar sesi\u00f3n por SSH o Telnet y, por lo tanto, conseguir acceso al sistema operativo Linux incorporado subyacente en el dispositivo. Corregido en la versi\u00f3n 2.12/2. NOTA: Esta vulnerabilidad s\u00f3lo afecta a los productos que ya no son compatibles por el mantenedor."
}
],
"id": "CVE-2021-39615",
"lastModified": "2024-11-21T06:19:48.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-23T22:15:28.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nussko.com/advisories/advisory-2021-08-02.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nussko.com/advisories/advisory-2021-08-02.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-11 12:15
Modified
2024-11-21 01:58
Severity ?
Summary
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsr-150_firmware | * | |
| dlink | dsr-150 | - | |
| dlink | dsr-150n_firmware | * | |
| dlink | dsr-150n | - | |
| dlink | dsr-250_firmware | * | |
| dlink | dsr-250 | - | |
| dlink | dsr-250n_firmware | * | |
| dlink | dsr-250n | - | |
| dlink | dsr-500_firmware | * | |
| dlink | dsr-500 | - | |
| dlink | dsr-500n_firmware | * | |
| dlink | dsr-500n | - | |
| dlink | dsr-1000_firmware | * | |
| dlink | dsr-1000 | - | |
| dlink | dsr-1000n_firmware | * | |
| dlink | dsr-1000n | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD73A85-9D52-4389-A555-D6FDB737AE59",
"versionEndExcluding": "1.08b44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6953E43-A7B5-4F35-BF7D-CE75FB2FA96D",
"versionEndExcluding": "1.05b64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51C91D3D-52F0-405F-B652-45DFC3C0C673",
"versionEndExcluding": "1.08b44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6763ED3-B6F2-4BC4-88DC-DDF383A40761",
"versionEndExcluding": "1.08b44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E80E081B-1FB5-4B37-A054-7F6D3A507B47",
"versionEndExcluding": "1.08b77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C49E10FB-39AA-4193-8EFE-815EE72ADA6E",
"versionEndExcluding": "1.08b77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C7AF3E-A7B6-47D6-A3DD-26E28398843B",
"versionEndExcluding": "1.08b77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F33EBB05-D58C-47C0-9EB7-D0F03C027169",
"versionEndExcluding": "1.08b77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en dispositivos D-Link DSR-150 con versi\u00f3n de firmware anterior a 1.08B44; DSR-150N con versiones de firmware anteriores a 1.05B64; DSR-250 y DSR-250N con versiones de firmware anteriores a 1.08B44; y DSR-500, DSR-500N, DSR-1000 y DSR-1000N con versiones de firmware anteriores a 1.08B77, permiten a atacantes remotos ejecutar comandos SQL arbitrarios por medio de la contrase\u00f1a para (1) la funci\u00f3n login.authenticate en los archivos share/lua/5.1/teamf1lualib/login.lua o (2) cautivePortal.lua."
}
],
"id": "CVE-2013-5945",
"lastModified": "2024-11-21T01:58:28.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T12:15:11.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/30061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-15 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsr-150_firmware | * | |
| dlink | dsr-150 | - | |
| dlink | dsr-150n_firmware | * | |
| dlink | dsr-150n | - | |
| dlink | dsr-250_firmware | * | |
| dlink | dsr-250 | - | |
| dlink | dsr-250n_firmware | * | |
| dlink | dsr-250n | - | |
| dlink | dsr-500_firmware | * | |
| dlink | dsr-500 | - | |
| dlink | dsr-500n_firmware | * | |
| dlink | dsr-500n | - | |
| dlink | dsr-500ac_firmware | * | |
| dlink | dsr-500ac | - | |
| dlink | dsr-1000_firmware | * | |
| dlink | dsr-1000 | - | |
| dlink | dsr-1000n_firmware | * | |
| dlink | dsr-1000n | - | |
| dlink | dsr-1000ac_firmware | * | |
| dlink | dsr-1000ac | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C5755D-5EB7-449E-81D9-20DBA0F36345",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE6313B-F71A-4AE4-8778-E30A93B1942B",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABEF03D-2411-4B84-BB67-831DC0164C9D",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "834CDDBF-DC00-40FD-86C1-9AF2A42BB317",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64D78EB2-B98D-4196-B678-BF43227770F2",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A56B78EB-01FB-472A-B147-F2DF9E1C70E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC42D575-0178-43EF-814F-DE6D738FB2A5",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC082E6B-E33F-4A69-A9B7-5E4D2D03C996",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19A81670-E7DA-4179-A0A5-00938299BF6C",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82F0849C-8622-4839-BE2B-DCDE9CE7B257",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F64A55-D6BF-4440-8336-22E5C1BF36D0",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD4F77B-72B4-4261-884C-8F17B52A4643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos D-Link DSR-250 versi\u00f3n 3.17.\u0026#xa0;Determinada funcionalidad en la interfaz web Unified Services Router podr\u00eda permitir a un atacante autenticado ejecutar comandos arbitrarios, debido a una falta de comprobaci\u00f3n de entradas proporcionadas en peticiones HTTP POST de m\u00faltiples partes"
}
],
"id": "CVE-2020-25759",
"lastModified": "2024-11-21T05:18:41.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-15T20:15:16.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-19 04:24
Modified
2025-04-11 00:51
Severity ?
Summary
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2616EA9D-842A-4C08-BEC0-DD0DE15627C4",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "86F457CD-2B3A-4571-941B-CEEAD52635C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5FB42D-B664-4CD1-A9BE-BEEB3D2455F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "0836B735-04EB-46DA-A5FD-918CF254DC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "C40D5762-D950-4C59-8E60-AD63A5C4F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "CD052065-A62C-4E77-AF30-A7BFE87BEF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "84589477-A03F-4350-8F48-AA65A3E2F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "73B9957F-92B8-471A-90C1-541857228220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19EF7D-8CDD-4640-B272-2B31C6C8DC40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DE0EAD-26FE-4A08-8B3F-94B7B46B3EE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "3EEC400B-B9A7-4672-98BB-57EE722FDDBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2655D2C-0A71-4F14-8CB6-9A8E5B0BA2D2",
"versionEndIncluding": "1.05b48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8875595-6A45-41F4-BD4F-88E4B01987FB",
"versionEndIncluding": "1.08b39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b46:*:*:*:*:*:*:*",
"matchCriteriaId": "4D87E55E-8FB9-46DD-B7E3-0FF5844AACCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b56:*:*:*:*:*:*:*",
"matchCriteriaId": "7054BD9D-2CBD-4EB2-A52C-6EAD0DF16CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b20:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7D6C20-02AB-45C2-8DF6-7406EF4B9E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b53:*:*:*:*:*:*:*",
"matchCriteriaId": "20584156-C553-4AEA-A19C-A4BB67B5390A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.08b31:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB44CCA-AC5E-4169-A4DA-8873C1435C04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6B7598-20C1-4F1A-BFA8-16C66D210216",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.01b50:*:*:*:*:*:*:*",
"matchCriteriaId": "6F9A4E2D-8F74-4CD3-85F0-5DA4749B0F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA26493-2F60-41C1-9563-75FAA116DBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5BA908-B289-4917-8AE3-E57DACB93501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B94BCF9-13FC-4930-92A4-6AF97699672B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AED08D-47B4-4A13-8291-2E49AEB1B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "2904D8F1-633D-4DF8-9808-2961998CE510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "FE195794-EDE9-477A-9934-8CE2ED1B19E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8C2F15-6867-4647-9D2F-8F3D9F3054DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF08CD6-A360-4291-8159-DB2A07B8F2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDBCCF6-71B8-45A8-86C4-97B622793179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0BFC1A-B6DF-4D2E-9DD9-566E20CAD172",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83CA3AD5-8BB3-4C52-B1D4-57F24C7E3ECE",
"versionEndIncluding": "1.08b29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b29:*:*:*:*:*:*:*",
"matchCriteriaId": "EDDC40C8-1BB2-4151-BAA4-E28C5AC94654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b35:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB61873-D7C7-400D-AAA3-5F65F459B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b46:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD638F5-3A13-45D2-A343-1733611C5173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b50:*:*:*:*:*:*:*",
"matchCriteriaId": "9A27097B-44CF-47FB-90D1-0D244209E9DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F360917-0D86-4B7C-8699-EAE3A5155DAD",
"versionEndIncluding": "1.08b39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b46:*:*:*:*:*:*:*",
"matchCriteriaId": "91015BD6-F1EF-4E77-991E-5A895DF204FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b56:*:*:*:*:*:*:*",
"matchCriteriaId": "36443128-6668-4FB6-9B96-1C695EB5B0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b20:*:*:*:*:*:*:*",
"matchCriteriaId": "11E46972-D923-4AB7-BC2E-49D9DBC65202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b53:*:*:*:*:*:*:*",
"matchCriteriaId": "71900351-AF65-4AFB-A77E-361075583F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.08b31:*:*:*:*:*:*:*",
"matchCriteriaId": "0540F822-7F53-4282-A480-6E4A15994AF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289208CD-49AB-48A8-AD2E-BF4AFA479990",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.01b50:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA9027F-9EBE-45FB-8128-E1E27F1B12EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "90E36C7E-02A1-4389-A706-B73D6C236E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "D5146B3C-CC4C-49C4-9B8B-BF9FC3E45293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "79117184-9444-443B-9CF8-F4D2E19413A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92EB60-B33E-4653-BE5B-449DC18E073F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE86995-60E0-4F50-A008-EBB227CC4207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6BA51E-FCC6-4BCC-A4FF-AF49602C6D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "484A7789-9A84-4E01-B7C8-97FC769D21AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "592C6173-8084-4857-AD6A-DDF9F66CE881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "A8025D5C-331B-4A62-9A0D-29EA63E7AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "2987ACFB-FE89-4901-8A64-B5B61F4D4EE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E760B-FBD1-4949-9E7C-35E216094B58",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0478AA5-8740-4458-855A-11804597FA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "A6009D02-5CE9-4D08-8C6A-005F66ED8A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBC6011-8C8A-4EAA-8B6B-933C128E7A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "540C7261-9352-4CF1-BCF8-13615EFB7C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "31C51D13-005D-4CB0-AB05-D38CC4E5096B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3F3332-EEE2-492F-9585-62E4256ECBC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "0DE1C593-B0E7-4715-9AA5-CF7A3A87F05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D1637-5291-45CD-BA6A-B71D9199F0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "25136989-A83E-4C65-A354-8A0E2101EE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "36E387CF-AAE4-4EED-A7E2-6D2FE9B5933F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) \"Ping or Trace an IP Address\" or (2) \"Perform a DNS Lookup\" section."
},
{
"lang": "es",
"value": "La funci\u00f3n runShellCmd en systemCheck.htm en D-Link DSR-150 con firmware anterior a 1.08B44; DSR-150N con firmware anterior a 1.05B64; DSR-250 y DSR-250N con firmware anterior a 1.08B44; y DSR500, DSR-500N, DSR-1000, y DSR-100N con firmware anterior a 1.08B77 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de la consola en la secci\u00f3n (1) \"Ping or Trace an IP Address\" o (2) \"Perform a DNS Lookup\"."
}
],
"id": "CVE-2013-5946",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-19T04:24:51.930",
"references": [
{
"source": "cve@mitre.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/30061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-15 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsr-150_firmware | * | |
| dlink | dsr-150 | - | |
| dlink | dsr-150n_firmware | * | |
| dlink | dsr-150n | - | |
| dlink | dsr-250_firmware | * | |
| dlink | dsr-250 | - | |
| dlink | dsr-250n_firmware | * | |
| dlink | dsr-250n | - | |
| dlink | dsr-500_firmware | * | |
| dlink | dsr-500 | - | |
| dlink | dsr-500n_firmware | * | |
| dlink | dsr-500n | - | |
| dlink | dsr-500ac_firmware | * | |
| dlink | dsr-500ac | - | |
| dlink | dsr-1000_firmware | * | |
| dlink | dsr-1000 | - | |
| dlink | dsr-1000n_firmware | * | |
| dlink | dsr-1000n | - | |
| dlink | dsr-1000ac_firmware | * | |
| dlink | dsr-1000ac | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C5755D-5EB7-449E-81D9-20DBA0F36345",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE6313B-F71A-4AE4-8778-E30A93B1942B",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABEF03D-2411-4B84-BB67-831DC0164C9D",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "834CDDBF-DC00-40FD-86C1-9AF2A42BB317",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64D78EB2-B98D-4196-B678-BF43227770F2",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A56B78EB-01FB-472A-B147-F2DF9E1C70E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC42D575-0178-43EF-814F-DE6D738FB2A5",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC082E6B-E33F-4A69-A9B7-5E4D2D03C996",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19A81670-E7DA-4179-A0A5-00938299BF6C",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82F0849C-8622-4839-BE2B-DCDE9CE7B257",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F64A55-D6BF-4440-8336-22E5C1BF36D0",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD4F77B-72B4-4261-884C-8F17B52A4643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos D-Link DSR-250 versi\u00f3n 3.17.\u0026#xa0;Una comprobaci\u00f3n insuficiente de checksums del archivo de configuraci\u00f3n, podr\u00eda permitir a un atacante autenticado remoto inyectar entradas crontab arbitrarias en las configuraciones guardadas antes de cargarlas.\u0026#xa0;Estas entradas son ejecutadas como root"
}
],
"id": "CVE-2020-25758",
"lastModified": "2024-11-21T05:18:41.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-15T20:15:16.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-15 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsr-150_firmware | * | |
| dlink | dsr-150 | - | |
| dlink | dsr-150n_firmware | * | |
| dlink | dsr-150n | - | |
| dlink | dsr-250_firmware | * | |
| dlink | dsr-250 | - | |
| dlink | dsr-250n_firmware | * | |
| dlink | dsr-250n | - | |
| dlink | dsr-500_firmware | * | |
| dlink | dsr-500 | - | |
| dlink | dsr-500n_firmware | * | |
| dlink | dsr-500n | - | |
| dlink | dsr-500ac_firmware | * | |
| dlink | dsr-500ac | - | |
| dlink | dsr-1000_firmware | * | |
| dlink | dsr-1000 | - | |
| dlink | dsr-1000n_firmware | * | |
| dlink | dsr-1000n | - | |
| dlink | dsr-1000ac_firmware | * | |
| dlink | dsr-1000ac | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C5755D-5EB7-449E-81D9-20DBA0F36345",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE6313B-F71A-4AE4-8778-E30A93B1942B",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABEF03D-2411-4B84-BB67-831DC0164C9D",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "834CDDBF-DC00-40FD-86C1-9AF2A42BB317",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64D78EB2-B98D-4196-B678-BF43227770F2",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A56B78EB-01FB-472A-B147-F2DF9E1C70E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC42D575-0178-43EF-814F-DE6D738FB2A5",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC082E6B-E33F-4A69-A9B7-5E4D2D03C996",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19A81670-E7DA-4179-A0A5-00938299BF6C",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82F0849C-8622-4839-BE2B-DCDE9CE7B257",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F64A55-D6BF-4440-8336-22E5C1BF36D0",
"versionEndIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD4F77B-72B4-4261-884C-8F17B52A4643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17."
},
{
"lang": "es",
"value": "Una falta de comprobaci\u00f3n de entrada y controles de acceso en Lua CGI en enrutadores D-Link DSR VPN, puede resultar en una entrada arbitraria que es pasada a las API de comando del sistema, resultando en una ejecuci\u00f3n de comandos arbitrarios con privilegios root.\u0026#xa0;Esto afecta a DSR-150, DSR-250, DSR-500 y DSR-1000AC con versiones de firmware 3.14 y 3.17"
}
],
"id": "CVE-2020-25757",
"lastModified": "2024-11-21T05:18:40.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-15T20:15:16.183",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-19 04:24
Modified
2025-04-11 00:51
Severity ?
Summary
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83CA3AD5-8BB3-4C52-B1D4-57F24C7E3ECE",
"versionEndIncluding": "1.08b29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b29:*:*:*:*:*:*:*",
"matchCriteriaId": "EDDC40C8-1BB2-4151-BAA4-E28C5AC94654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b35:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB61873-D7C7-400D-AAA3-5F65F459B573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b46:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD638F5-3A13-45D2-A343-1733611C5173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b50:*:*:*:*:*:*:*",
"matchCriteriaId": "9A27097B-44CF-47FB-90D1-0D244209E9DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F360917-0D86-4B7C-8699-EAE3A5155DAD",
"versionEndIncluding": "1.08b39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b46:*:*:*:*:*:*:*",
"matchCriteriaId": "91015BD6-F1EF-4E77-991E-5A895DF204FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b56:*:*:*:*:*:*:*",
"matchCriteriaId": "36443128-6668-4FB6-9B96-1C695EB5B0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b20:*:*:*:*:*:*:*",
"matchCriteriaId": "11E46972-D923-4AB7-BC2E-49D9DBC65202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b53:*:*:*:*:*:*:*",
"matchCriteriaId": "71900351-AF65-4AFB-A77E-361075583F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.08b31:*:*:*:*:*:*:*",
"matchCriteriaId": "0540F822-7F53-4282-A480-6E4A15994AF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289208CD-49AB-48A8-AD2E-BF4AFA479990",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.01b50:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA9027F-9EBE-45FB-8128-E1E27F1B12EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "90E36C7E-02A1-4389-A706-B73D6C236E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "D5146B3C-CC4C-49C4-9B8B-BF9FC3E45293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "79117184-9444-443B-9CF8-F4D2E19413A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92EB60-B33E-4653-BE5B-449DC18E073F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE86995-60E0-4F50-A008-EBB227CC4207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6BA51E-FCC6-4BCC-A4FF-AF49602C6D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "484A7789-9A84-4E01-B7C8-97FC769D21AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "592C6173-8084-4857-AD6A-DDF9F66CE881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "A8025D5C-331B-4A62-9A0D-29EA63E7AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "2987ACFB-FE89-4901-8A64-B5B61F4D4EE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2655D2C-0A71-4F14-8CB6-9A8E5B0BA2D2",
"versionEndIncluding": "1.05b48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2616EA9D-842A-4C08-BEC0-DD0DE15627C4",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "86F457CD-2B3A-4571-941B-CEEAD52635C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5FB42D-B664-4CD1-A9BE-BEEB3D2455F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "0836B735-04EB-46DA-A5FD-918CF254DC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "C40D5762-D950-4C59-8E60-AD63A5C4F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "CD052065-A62C-4E77-AF30-A7BFE87BEF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "84589477-A03F-4350-8F48-AA65A3E2F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "73B9957F-92B8-471A-90C1-541857228220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19EF7D-8CDD-4640-B272-2B31C6C8DC40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DE0EAD-26FE-4A08-8B3F-94B7B46B3EE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "3EEC400B-B9A7-4672-98BB-57EE722FDDBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6B7598-20C1-4F1A-BFA8-16C66D210216",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.01b50:*:*:*:*:*:*:*",
"matchCriteriaId": "6F9A4E2D-8F74-4CD3-85F0-5DA4749B0F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA26493-2F60-41C1-9563-75FAA116DBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5BA908-B289-4917-8AE3-E57DACB93501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B94BCF9-13FC-4930-92A4-6AF97699672B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AED08D-47B4-4A13-8291-2E49AEB1B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "2904D8F1-633D-4DF8-9808-2961998CE510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "FE195794-EDE9-477A-9934-8CE2ED1B19E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8C2F15-6867-4647-9D2F-8F3D9F3054DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF08CD6-A360-4291-8159-DB2A07B8F2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDBCCF6-71B8-45A8-86C4-97B622793179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0BFC1A-B6DF-4D2E-9DD9-566E20CAD172",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8875595-6A45-41F4-BD4F-88E4B01987FB",
"versionEndIncluding": "1.08b39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b46:*:*:*:*:*:*:*",
"matchCriteriaId": "4D87E55E-8FB9-46DD-B7E3-0FF5844AACCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b56:*:*:*:*:*:*:*",
"matchCriteriaId": "7054BD9D-2CBD-4EB2-A52C-6EAD0DF16CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b20:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7D6C20-02AB-45C2-8DF6-7406EF4B9E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b53:*:*:*:*:*:*:*",
"matchCriteriaId": "20584156-C553-4AEA-A19C-A4BB67B5390A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.08b31:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB44CCA-AC5E-4169-A4DA-8873C1435C04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E760B-FBD1-4949-9E7C-35E216094B58",
"versionEndIncluding": "1.08b51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0478AA5-8740-4458-855A-11804597FA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b25:*:*:*:*:*:*:*",
"matchCriteriaId": "A6009D02-5CE9-4D08-8C6A-005F66ED8A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b12:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBC6011-8C8A-4EAA-8B6B-933C128E7A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b23:*:*:*:*:*:*:*",
"matchCriteriaId": "540C7261-9352-4CF1-BCF8-13615EFB7C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b27:*:*:*:*:*:*:*",
"matchCriteriaId": "31C51D13-005D-4CB0-AB05-D38CC4E5096B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b36:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3F3332-EEE2-492F-9585-62E4256ECBC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b43:*:*:*:*:*:*:*",
"matchCriteriaId": "0DE1C593-B0E7-4715-9AA5-CF7A3A87F05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.04b58:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D1637-5291-45CD-BA6A-B71D9199F0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b43:*:*:*:*:*:*:*",
"matchCriteriaId": "25136989-A83E-4C65-A354-8A0E2101EE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b53:*:*:*:*:*:*:*",
"matchCriteriaId": "36E387CF-AAE4-4EED-A7E2-6D2FE9B5933F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#][\"Password\"] fields in /tmp/teamf1.cfg.ascii."
},
{
"lang": "es",
"value": "D-Link DSR-150 con firmware anterior a 1.08B44; DSR-150N con firmware anterior a 1.06B64; DSR-250 y DSR-250N con firmware anterior a 1.08B44; y DSR-500, DSR-500N, DSR-1000 y DSR-1000N con firmware anterior a 1.08B77, almacena contrase\u00f1as de cuentas en texto plano, lo cual permite a usuarios locales obtener informaci\u00f3n sensible leyendo los campos Users[#][\"Password\"] en 7tmp/teamf1.cfg.ascii."
}
],
"id": "CVE-2013-7005",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-19T04:24:57.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/30061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-5945 (GCVE-0-2013-5945)
Vulnerability from cvelistv5
Published
2020-02-11 01:54
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T01:54:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
"refsource": "MISC",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
"refsource": "MISC",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
"refsource": "MISC",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
"refsource": "MISC",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "http://www.exploit-db.com/exploits/30061",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/30061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5945",
"datePublished": "2020-02-11T01:54:15",
"dateReserved": "2013-09-27T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39615 (GCVE-0-2021-39615)
Vulnerability from cvelistv5
Published
2021-08-23 21:21
Modified
2024-08-04 02:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin/ | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235 | x_refsource_MISC | |
| https://www.nussko.com/advisories/advisory-2021-08-02.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:13:37.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nussko.com/advisories/advisory-2021-08-02.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the \u0027/etc/passwd\u0027 file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T21:21:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nussko.com/advisories/advisory-2021-08-02.txt"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_ConverterErrors": {
"cvssV3_1": {
"error": "CVSSV3_1 data from v4 record is invalid",
"message": "Missing mandatory metrics \"AV\""
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the \u0027/etc/passwd\u0027 file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235"
},
{
"name": "https://www.nussko.com/advisories/advisory-2021-08-02.txt",
"refsource": "MISC",
"url": "https://www.nussko.com/advisories/advisory-2021-08-02.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39615",
"datePublished": "2021-08-23T21:21:47",
"dateReserved": "2021-08-23T00:00:00",
"dateUpdated": "2024-08-04T02:13:37.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25758 (GCVE-0-2020-25758)
Vulnerability from cvelistv5
Published
2020-12-15 19:27
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195 | x_refsource_MISC | |
| https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T19:27:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"name": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/",
"refsource": "MISC",
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25758",
"datePublished": "2020-12-15T19:27:55",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5946 (GCVE-0-2013-5946)
Vulnerability from cvelistv5
Published
2013-12-19 02:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf | x_refsource_CONFIRM | |
| http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf | x_refsource_CONFIRM | |
| http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf | x_refsource_CONFIRM | |
| http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/30061 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "30061",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) \"Ping or Trace an IP Address\" or (2) \"Perform a DNS Lookup\" section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-19T01:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "30061",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) \"Ping or Trace an IP Address\" or (2) \"Perform a DNS Lookup\" section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
"refsource": "CONFIRM",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
},
{
"name": "30061",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5946",
"datePublished": "2013-12-19T02:00:00",
"dateReserved": "2013-09-27T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7004 (GCVE-0-2013-7004)
Vulnerability from cvelistv5
Published
2013-12-19 02:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/30061 | exploit, x_refsource_EXPLOIT-DB | |
| http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf | x_refsource_MISC | |
| http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf | x_refsource_MISC | |
| http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "30061",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30061"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-19T01:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "30061",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30061"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
"refsource": "MISC",
"url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
},
{
"name": "30061",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30061"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
"refsource": "MISC",
"url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
"refsource": "MISC",
"url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
},
{
"name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
"refsource": "MISC",
"url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7004",
"datePublished": "2013-12-19T02:00:00",
"dateReserved": "2013-12-07T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7005 (GCVE-0-2013-7005)
Vulnerability from cvelistv5
Published
2013-12-19 02:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/30061 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30061",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#][\"Password\"] fields in /tmp/teamf1.cfg.ascii."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-19T01:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30061",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#][\"Password\"] fields in /tmp/teamf1.cfg.ascii."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30061",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7005",
"datePublished": "2013-12-19T02:00:00",
"dateReserved": "2013-12-07T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25757 (GCVE-0-2020-25757)
Vulnerability from cvelistv5
Published
2020-12-15 19:27
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195 | x_refsource_MISC | |
| https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T19:27:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"name": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/",
"refsource": "MISC",
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25757",
"datePublished": "2020-12-15T19:27:32",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25759 (GCVE-0-2020-25759)
Vulnerability from cvelistv5
Published
2020-12-15 19:28
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195 | x_refsource_MISC | |
| https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T19:28:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
},
{
"name": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/",
"refsource": "MISC",
"url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25759",
"datePublished": "2020-12-15T19:28:06",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}