CVE-2020-25078
published 2020-09-02CVE-2020-25078: An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2025-08-26
Exploited in the wild
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dcs-2530l_firmware | <= 1.05.05 | — |
| dlink | dcs-2670l_firmware | < 2.03.00 | 2.03.00 |
| dlink | dcs-4603_firmware | < 1.04.02 | 1.04.02 |
| dlink | dcs-4622_firmware | < 2.01.10 | 2.01.10 |
| dlink | dcs-4701e_firmware | < 2.03.01 | 2.03.01 |
| dlink | dcs-4703e_firmware | < 1.03.04 | 1.03.04 |
| dlink | dcs-4705e_firmware | < 1.03.02 | 1.03.02 |
| dlink | dcs-4802e_firmware | < 2.01.01 | 2.01.01 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
cisa7.5HIGH