CVE-2020-25757
- EPSS 0.52%
- Published 15.12.2020 20:15:16
- Last modified 21.11.2024 05:18:40
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-...
- EPSS 0.31%
- Published 15.12.2020 20:15:16
- Last modified 21.11.2024 05:18:41
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries...
- EPSS 1.45%
- Published 15.12.2020 20:15:16
- Last modified 21.11.2024 05:18:41
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipar...