Vulnerabilities > Dlink > DSR 1000 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-15 | CVE-2020-25759 | Improper Input Validation vulnerability in Dlink products An issue was discovered on D-Link DSR-250 3.17 devices. | 9.0 |
| 2020-12-15 | CVE-2020-25758 | Improper Validation of Integrity Check Value vulnerability in Dlink products An issue was discovered on D-Link DSR-250 3.17 devices. | 9.0 |
| 2020-12-15 | CVE-2020-25757 | Improper Input Validation vulnerability in Dlink products A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. | 8.3 |
| 2020-02-11 | CVE-2013-5945 | SQL Injection vulnerability in Dlink products Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. | 10.0 |