Dlink

Dsr-250n Firmware

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-57376

  • EPSS 0.13%
  • Published 28.01.2025 22:15:15
  • Last modified 01.07.2025 15:15:40

Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.

8.8

CVE-2020-25757

  • EPSS 0.52%
  • Published 15.12.2020 20:15:16
  • Last modified 21.11.2024 05:18:40

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-...

9

CVE-2020-25758

  • EPSS 0.31%
  • Published 15.12.2020 20:15:16
  • Last modified 21.11.2024 05:18:41

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries...

9

CVE-2020-25759

  • EPSS 1.45%
  • Published 15.12.2020 20:15:16
  • Last modified 21.11.2024 05:18:41

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipar...

5.5

CVE-2020-26567

Exploit
  • EPSS 29.38%
  • Published 08.10.2020 13:15:11
  • Last modified 21.11.2024 05:20:05

An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.

9

CVE-2012-6614

Exploit
  • EPSS 8.06%
  • Published 19.02.2020 15:15:11
  • Last modified 21.11.2024 01:46:30

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.

10

CVE-2013-5945

Exploit
  • EPSS 10.45%
  • Published 11.02.2020 12:15:11
  • Last modified 21.11.2024 01:58:28

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B...

9

CVE-2012-6613

Exploit
  • EPSS 0.98%
  • Published 25.01.2020 19:15:11
  • Last modified 21.11.2024 01:46:30

D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.

7.8

CVE-2013-7004

Exploit
  • EPSS 0.33%
  • Published 19.12.2013 04:24:57
  • Last modified 11.04.2025 00:51:21

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gk...

4.9

CVE-2013-7005

Exploit
  • EPSS 0.04%
  • Published 19.12.2013 04:24:57
  • Last modified 11.04.2025 00:51:21

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, ...