CVE-2020-25759
published 2020-12-15CVE-2020-25759: An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dsr-1000_firmware | <= 3.17 | — |
| dlink | dsr-1000ac_firmware | <= 3.17 | — |
| dlink | dsr-1000n_firmware | <= 3.17 | — |
| dlink | dsr-150_firmware | <= 3.17 | — |
| dlink | dsr-150n_firmware | <= 3.17 | — |
| dlink | dsr-250_firmware | <= 3.17 | — |
| dlink | dsr-250n_firmware | <= 3.17 | — |
| dlink | dsr-500_firmware | <= 3.17 | — |
| dlink | dsr-500ac_firmware | <= 3.17 | — |