Vulnerability Description
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
CVSS Score
7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dsr-250N Firmware | < 1.08b31 |
| Dlink | Dsr-250N | - |
Related Weaknesses (CWE)
References
- ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdfRelease NotesVendor Advisory
- http://www.exploit-db.com/exploits/22930/ExploitThird Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.htmlExploitThird Party AdvisoryVDB Entry
- ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdfRelease NotesVendor Advisory
- http://www.exploit-db.com/exploits/22930/ExploitThird Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.htmlExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2012-6614?
CVE-2012-6614 is a vulnerability with a CVSS score of 7.2 (HIGH). D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
How severe is CVE-2012-6614?
CVE-2012-6614 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6614?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dsr-250N Firmware, Dlink Dsr-250N.