Vulnerabilities > Dlink > DSR 250N Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-15 | CVE-2020-25759 | OS Command Injection vulnerability in Dlink products An issue was discovered on D-Link DSR-250 3.17 devices. | 8.8 |
| 2020-12-15 | CVE-2020-25758 | Improper Validation of Integrity Check Value vulnerability in Dlink products An issue was discovered on D-Link DSR-250 3.17 devices. | 8.8 |
| 2020-12-15 | CVE-2020-25757 | OS Command Injection vulnerability in Dlink products A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. | 8.8 |
| 2020-10-08 | CVE-2020-26567 | Missing Authentication for Critical Function vulnerability in Dlink Dsr-250N Firmware An issue was discovered on D-Link DSR-250N before 3.17B devices. | 5.5 |
| 2020-02-19 | CVE-2012-6614 | Missing Authorization vulnerability in Dlink Dsr-250N Firmware D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | 7.2 |
| 2020-02-11 | CVE-2013-5945 | SQL Injection vulnerability in Dlink products Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. | 9.8 |
| 2020-01-25 | CVE-2012-6613 | Unspecified vulnerability in Dlink Dsr-250N Firmware 1.05B73Ww D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. | 7.2 |