Vulnerabilities > CVE-2012-6614 - Missing Authorization vulnerability in D-Link Dsr-250N Firmware

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

d-link

CWE-862

critical

NVD

Published: 2020-02-19

Updated: 2020-03-05

Summary

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.

Vulnerable Configurations

Part	Description	Count
OS	D-Link D Link DSR 250N Firmware 1.01B46 D Link DSR 250N Firmware 1.01B56 D Link DSR 250N Firmware 1.05B20 D Link DSR 250N Firmware 1.05B53	4
Hardware	D-Link D Link DSR 250N -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
http://www.exploit-db.com/exploits/22930/
https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html