CVE-2012-6614 - Missing Authorization vulnerability in Dlink Dsr-250N Firmware
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 5 |
Hardware | | 1 |
Common Weakness Enumeration (CWE)
References
- ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
- http://www.exploit-db.com/exploits/22930/
- https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html