CVE-2020-25079
HIGH
8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
9,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,4499
Percentile
1,0th
Updated
EPSS Score Trend (Last 91 Days)
77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
AI/ML
Operating System
Dcs-P703 Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-p703_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4802E Firmware by Dlink
Version Range Affected
To
2.01.01
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4802e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4703E Firmware by Dlink
Version Range Affected
To
1.03.04
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4703e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4622 Firmware by Dlink
Version Range Affected
To
2.01.10
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4622_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4603 Firmware by Dlink
Version Range Affected
To
1.04.02
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4603_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-2670L Firmware by Dlink
Version Range Affected
To
2.03.00
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-2670l_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-2530L Firmware by Dlink
Version Range Affected
To
1.05.05
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4701E Firmware by Dlink
Version Range Affected
To
2.03.01
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4701e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dcs-4705E Firmware by Dlink
Version Range Affected
To
1.03.02
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dcs-4705e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://support.dlink.com/productinfo.aspx?m=DCS-2530L
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020…
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP…
https://twitter.com/Dogonsecurity/status/1271265152118259712
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP…
https://twitter.com/Dogonsecurity/status/1271265152118259712