Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-26567

CWE-306 — Missing Authentication4 documents4 sources

Severity

5.5MEDIUM

EPSS

29.4%

top 3.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dlink Dsr-250n Firmware

Timeline

PublishedOct 8

Latest updateMay 24

Description

An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDdlink/dsr-250n_firmware< 3.17b

Patches

Patch: packetstormsecurity.com ↗Patch: seclists.org ↗Patch: www.redteam-pentesting.de ↗

🔴Vulnerability Details

GHSA

GHSA-fwxh-8jc9-j26p: An issue was discovered on D-Link DSR-250N before 3↗2022-05-24

▶

CVEList

CVE-2020-26567: An issue was discovered on D-Link DSR-250N before 3↗2020-10-08

▶

💥Exploits & PoCs

Exploit-DB

D-Link DSR-250N 3.12 - Denial of Service (PoC)↗2020-10-08

▶