7.5

CVE-2020-25078

Warning

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.

Data is provided by the National Vulnerability Database (NVD)
DlinkDcs-4603 Firmware Version < 1.04.02
   DlinkDcs-4603 Version-
DlinkDcs-4622 Firmware Version < 2.01.10
   DlinkDcs-4622 Version-
DlinkDcs-4701e Firmware Version < 2.03.01
   DlinkDcs-4701e Version-
DlinkDcs-4703e Firmware Version < 1.03.04
   DlinkDcs-4703e Version-
DlinkDcs-4705e Firmware Version < 1.03.02
   DlinkDcs-4705e Version-
DlinkDcs-4802e Firmware Version < 2.01.01
   DlinkDcs-4802e Version-
DlinkDcs-p703 Firmware
   DlinkDcs-p703 Version-
DlinkDcs-2530l Firmware Version <= 1.05.05
   DlinkDcs-2530l Version-
DlinkDcs-2670l Firmware Version < 2.03.00
   DlinkDcs-2670l Version-

05.08.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability

Vulnerability

D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Description

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 94.2% 0.999
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N