fkie_cve-2020-25078
Vulnerability from fkie_nvd
Published
2020-09-02 16:15
Modified
2025-11-07 22:02
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 | Patch, Vendor Advisory | |
| cve@mitre.org | https://twitter.com/Dogonsecurity/status/1273251236167516161 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/Dogonsecurity/status/1273251236167516161 | Broken Link, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://support.dlink.com/productinfo.aspx?m=DCS-2530L | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-25078 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-4603_firmware | * | |
| dlink | dcs-4603 | - | |
| dlink | dcs-4622_firmware | * | |
| dlink | dcs-4622 | - | |
| dlink | dcs-4701e_firmware | * | |
| dlink | dcs-4701e | - | |
| dlink | dcs-4703e_firmware | * | |
| dlink | dcs-4703e | - | |
| dlink | dcs-4705e_firmware | * | |
| dlink | dcs-4705e | - | |
| dlink | dcs-4802e_firmware | * | |
| dlink | dcs-4802e | - | |
| dlink | dcs-p703_firmware | * | |
| dlink | dcs-p703 | - | |
| dlink | dcs-2530l_firmware | * | |
| dlink | dcs-2530l | - | |
| dlink | dcs-2670l_firmware | * | |
| dlink | dcs-2670l | - |
{
"cisaActionDue": "2025-08-26",
"cisaExploitAdd": "2025-08-05",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-4603_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41124E24-06BE-417B-A9AF-BD641A75C144",
"versionEndExcluding": "1.04.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-4603:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A2C3661-5F58-4472-B5A0-9A8024788BCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-4622_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA3A472-3DA8-4AC3-84CF-1A2E58360B5A",
"versionEndExcluding": "2.01.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-4622:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE51257-204E-4652-83C8-BE139D176BD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-4701e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C8B4A06-BB05-4C28-89F0-E0EF7904A903",
"versionEndExcluding": "2.03.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-4701e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DD99D0-B76B-4E80-AF95-4C36693ED7F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-4703e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A50FF8A-796D-4DC2-97A0-FA05FF8F292F",
"versionEndExcluding": "1.03.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-4703e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76074EE9-9D8F-4DC2-8E1F-69B791CC0FE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-4705e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1B414B-FA5D-4567-9D75-936F420D91AC",
"versionEndExcluding": "1.03.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-4705e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "056553CE-A448-46AC-A84D-937F026A7659",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-4802e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "270E0460-481C-41A0-9954-850943BA77CE",
"versionEndExcluding": "2.01.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-4802e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "045E6932-6DC2-491D-A45C-B98B14C362BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-p703_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ADE8472-8AFA-431A-9E14-5FCB878025F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-p703:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA4D04F-09EC-4F29-85EF-2B183B113816",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C1E07C-D4C7-4CB2-B0F7-01F838A3555B",
"versionEndIncluding": "1.05.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2530l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40A05FF4-4847-41C2-946A-F8043481E11F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2670l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5964E9-1104-4430-A023-B7616B5A6217",
"versionEndExcluding": "2.03.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2670l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F66D7CA9-66E1-4A37-88AA-2E98DC0416C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos D-Link DCS-2530L versiones anteriores a 1.06.01 Hotfix y DCS-2670L versiones hasta 2.02.\u0026#xa0;El endpoint /config/getuser no autenticado permite una divulgaci\u00f3n remota de contrase\u00f1a de administrador"
}
],
"id": "CVE-2020-25078",
"lastModified": "2025-11-07T22:02:08.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-09-02T16:15:12.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://twitter.com/Dogonsecurity/status/1273251236167516161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://twitter.com/Dogonsecurity/status/1273251236167516161"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Product"
],
"url": "https://support.dlink.com/productinfo.aspx?m=DCS-2530L"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-25078"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…