HIGH🇬🇧 English

CVE-2020-25758

CVSS 8.8v3.1pub. 2020-12-15upd. 2024-11-21

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dsr 1000

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 1000ac

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 1000ac Firmware

    OS
    Dlink
    ≤ 3.17
  • Dlink Dsr 1000 Firmware

    OS
    Dlink
    ≤ 3.17
  • Dlink Dsr 1000n

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 1000n Firmware

    OS
    Dlink
    ≤ 3.17
  • Dlink Dsr 150

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 150 Firmware

    OS
    Dlink
    ≤ 3.17
  • Dlink Dsr 150n

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 150n Firmware

    OS
    Dlink
    ≤ 3.17
  • Dlink Dsr 250

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 250 Firmware

    OS
    Dlink
    ≤ 3.17
  • Dlink Dsr 250n

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 250n Firmware

    OS
    Dlink
    ≤ 3.17
  • Dlink Dsr 500

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 500ac

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 500ac Firmware

    OS
    Dlink
    ≤ 3.17
  • Dlink Dsr 500 Firmware

    OS
    Dlink
    ≤ 3.17
  • Dlink Dsr 500n

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 500n Firmware

    OS
    Dlink
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-39615CRITICAL9.8ten sam produkt

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passw...

CVE-2020-18568CRITICAL9.8ten sam produkt

The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which ...

CVE-2013-5945CRITICAL9.8ten sam produkt

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware ...

CVE-2024-57376HIGH8.8ten sam produkt

Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to...

CVE-2020-25757HIGH8.8ten sam produkt

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary i...