5.5

CVE-2020-26567

Exploit

An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.

Data is provided by the National Vulnerability Database (NVD)
DlinkDsr-250n Firmware Version < 3.17b
   DlinkDsr-250n Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 29.38% 0.964
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://packetstormsecurity.com/files/159516/D-Link-DSR-250N-Denial-Of-Service.html
Patch
Third Party Advisory
Exploit
VDB Entry
Mitigation
http://seclists.org/fulldisclosure/2020/Oct/14
Patch
Third Party Advisory
Exploit
Mailing List
Mitigation
https://www.redteam-pentesting.de/advisories/rt-sa-2020-002
Patch
Third Party Advisory
Exploit
Mitigation