CVE-2020-25759 — HIGH (8.8)

Q: How severe is CVE-2020-25759?

CVE-2020-25759 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-25759?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dsr-150 Firmware, Dlink Dsr-150, Dlink Dsr-150N Firmware, Dlink Dsr-150N, Dlink Dsr-250 Firmware.

Vulnerability Description

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dlink	Dsr-150 Firmware	<= 3.17
Dlink	Dsr-150	-
Dlink	Dsr-150N Firmware	<= 3.17
Dlink	Dsr-150N	-
Dlink	Dsr-250 Firmware	<= 3.17
Dlink	Dsr-250	-
Dlink	Dsr-250N Firmware	<= 3.17
Dlink	Dsr-250N	-
Dlink	Dsr-500 Firmware	<= 3.17
Dlink	Dsr-500	-
Dlink	Dsr-500N Firmware	All versions
Dlink	Dsr-500N	-
Dlink	Dsr-500Ac Firmware	<= 3.17
Dlink	Dsr-500Ac	-
Dlink	Dsr-1000 Firmware	<= 3.17
Dlink	Dsr-1000	-
Dlink	Dsr-1000N Firmware	<= 3.17
Dlink	Dsr-1000N	-
Dlink	Dsr-1000Ac Firmware	<= 3.17
Dlink	Dsr-1000Ac	-

Related Weaknesses (CWE)

CWE-20 CWE-78

References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1Vendor Advisory
https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/Third Party Advisory
https://www.dlink.com/en/security-bulletinVendor Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1Vendor Advisory
https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/Third Party Advisory
https://www.dlink.com/en/security-bulletinVendor Advisory

FAQ

What is CVE-2020-25759?

CVE-2020-25759 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a...

How severe is CVE-2020-25759?

CVE-2020-25759 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-25759?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dsr-150 Firmware, Dlink Dsr-150, Dlink Dsr-150N Firmware, Dlink Dsr-150N, Dlink Dsr-250 Firmware.