PT-2020-16460 · D Link · Dsr-250N

Published

2020-10-08

Updated

2023-04-26

CVE-2020-26567

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions D-Link DSR-250N versions prior to 3.17B

Description An issue was discovered where the CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access to this script reboots the device, rendering it unusable for several minutes.

Recommendations For versions prior to 3.17B, update to version 3.17B or later to resolve the issue. As a temporary workaround, consider restricting access to the upgradeStatusReboot.cgi script until a patch is available.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-26567

Affected Products

Dsr-250N

PT-2020-16460 · D Link · Dsr-250N

CVE-2020-26567

Weakness Enumeration

Related Identifiers

Affected Products

References · 8