CVE-2020-25758
published 2020-12-15CVE-2020-25758: An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dsr-1000_firmware | <= 3.17 | — |
| dlink | dsr-1000ac_firmware | <= 3.17 | — |
| dlink | dsr-1000n_firmware | <= 3.17 | — |
| dlink | dsr-150_firmware | <= 3.17 | — |
| dlink | dsr-150n_firmware | <= 3.17 | — |
| dlink | dsr-250_firmware | <= 3.17 | — |
| dlink | dsr-250n_firmware | <= 3.17 | — |
| dlink | dsr-500_firmware | <= 3.17 | — |
| dlink | dsr-500ac_firmware | <= 3.17 | — |