Vulnerabilities > CVE-2020-25079 - Unspecified vulnerability in Dlink Dcs-2530L Firmware and Dcs-2670L Firmware

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

dlink

critical

NVD

Published: 2020-09-02

Updated: 2021-07-21

Summary

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DCS 2530L Firmware - Dlink DCS 2530L Firmware 1.03.01 Dlink DCS 2530L Firmware 1.04.01 Dlink DCS 2530L Firmware 1.05.05 Dlink DCS 2670L Firmware - Dlink DCS 2670L Firmware 1.10 Dlink DCS 2670L Firmware 2.01 Dlink DCS 2670L Firmware 2.02	8
Hardware	Dlink Dlink DCS 2530L - Dlink DCS 2670L -	2

References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180
https://twitter.com/Dogonsecurity/status/1271265152118259712