CVE-2020-25078
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM
5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
AI Translation Available
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9423
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
Operating System
Dcs-P703 Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-p703_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4802E Firmware by Dlink
Version Range Affected
To
2.01.01
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4802e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4703E Firmware by Dlink
Version Range Affected
To
1.03.04
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4703e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4622 Firmware by Dlink
Version Range Affected
To
2.01.10
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4622_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4603 Firmware by Dlink
Version Range Affected
To
1.04.02
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4603_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-2670L Firmware by Dlink
Version Range Affected
To
2.03.00
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-2670l_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-2530L Firmware by Dlink
Version Range Affected
To
1.05.05
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4701E Firmware by Dlink
Version Range Affected
To
2.03.01
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4701e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4705E Firmware by Dlink
Version Range Affected
To
1.03.02
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4705e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://support.dlink.com/productinfo.aspx?m=DCS-2530L
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020…
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP…
https://twitter.com/Dogonsecurity/status/1273251236167516161
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP…
https://twitter.com/Dogonsecurity/status/1273251236167516161