Vulnerability Description
An issue was discovered on D-Link DSR-250N devices before 3.17B. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it unusable for several minutes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D-Link | DSR-250N Firmware | < 3.17B |
| D-Link | DSR-250N | - |
References
- http://packetstormsecurity.com/files/159516/D-Link-DSR-250N-Denial-Of-Service.ht (Exploit, Mitigation, Patch)
- http://seclists.org/fulldisclosure/2020/Oct/14 (Exploit, Mailing List, Mitigation)
- https://www.redteam-pentesting.de/advisories/rt-sa-2020-002 (Exploit, Mitigation, Patch)
FAQ
What is CVE-2020-26567?
CVE-2020-26567 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore un...
How severe is CVE-2020-26567?
CVE-2020-26567 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-26567?
Check the references section above for vendor advisories and patch information. Affected products include: D-Link DSR-250N Firmware, D-Link DSR-250N.