Vulnerabilities > CVE-2012-6614 - Missing Authorization vulnerability in Dlink Dsr-250N Firmware

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dlink

CWE-862

NVD

Published: 2020-02-19

Updated: 2023-04-26

Summary

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DSR 250N Firmware 1.01B46 Dlink DSR 250N Firmware 1.01B56 Dlink DSR 250N Firmware 1.05B20 Dlink DSR 250N Firmware 1.05B53 Dlink DSR 250N Firmware 1.05B73_Ww	5
Hardware	Dlink Dlink DSR 250N -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://www.exploit-db.com/exploits/22930/
ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html