Vulnerabilities > CVE-2020-25078 - Unspecified vulnerability in Dlink Dcs-2530L Firmware and Dcs-2670L Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dlink

NVD

Published: 2020-09-02

Updated: 2023-11-08

Summary

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DCS 2530L Firmware - Dlink DCS 2530L Firmware 1.00.21 Dlink DCS 2530L Firmware 1.03.01 Dlink DCS 2530L Firmware 1.04.01 Dlink DCS 2530L Firmware 1.05.05 Dlink DCS 2670L Firmware - Dlink DCS 2670L Firmware 1.10 Dlink DCS 2670L Firmware 2.01 Dlink DCS 2670L Firmware 2.02	9
Hardware	Dlink Dlink DCS 2530L - Dlink DCS 2670L -	2

References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180
https://twitter.com/Dogonsecurity/status/1273251236167516161