PT-2020-5338 · D-Link · DSR-250N +8
Published 2020-08-11 · Updated 2021-07-21 · CVE-2020-25759
CVSS v2.0: 9.0 (High)
| Metric | Value |
| --- | --- |
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DSR-250 version 3.17
D-Link DSR-150 (affected versions not specified)
D-Link DSR-150N (affected versions not specified)
D-Link DSR-250N (affected versions not specified)
D-Link DSR-500 (affected versions not specified)
D-Link DSR-500N (affected versions not specified)
D-Link DSR-500AC (affected versions not specified)
D-Link DSR-1000 (affected versions not specified)
D-Link DSR-1000N (affected versions not specified)
D-Link DSR-1000AC (affected versions not specified)
Description
The vulnerability is in the Unified Services Router web interface. Certain functionality takes field values from multipart/form-data HTTP POST requests and uses them in OS commands without validating them, so an authenticated attacker can inject and execute arbitrary commands. Because the commands run on the router itself, a remote attacker who holds valid web-interface credentials can escalate from web-UI access to arbitrary code execution on the device. The CVSS vector reflects this: reachable over the network, low attack complexity, a single authentication required, and complete impact on confidentiality, integrity and availability.
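The pattern described above, as an added example that is not D-Link's code and does not reproduce the DSR handler: a toy web-interface handler that parses a multipart/form-data POST, hands one field to a shell unvalidated (the vulnerable form), and the hardened version that allow-lists the value and passes it as an argv element with no shell. The request body, the field name `host`, the boundary and the `echo`-based stand-in for the real command are all constructed for illustration; `suspicious_fields` is an extra logging check, not something the advisory describes.

```python
"""
Added example (not D-Link's code): vulnerable vs. hardened handling of a
multipart/form-data field that ends up in an OS command.  The body, the
field name "host" and the echo-based "command" are constructed.
"""
import re
import subprocess

BOUNDARY = b"----FormBoundary7MA4YWxk"   # constructed boundary


def make_body(host: str) -> bytes:
    """Build a constructed multipart/form-data body with one text field."""
    return (b"--" + BOUNDARY + b"\r\n"
            b'Content-Disposition: form-data; name="host"\r\n\r\n'
            + host.encode() + b"\r\n"
            b"--" + BOUNDARY + b"--\r\n")


def parse_multipart(body: bytes, boundary: bytes) -> dict:
    """Minimal multipart/form-data parser for simple text fields.

    Returns {field_name: value}.  The CRLF before each delimiter belongs to
    the delimiter (RFC 2046), so it is stripped from the value.
    """
    delimiter = b"--" + boundary
    fields = {}
    for chunk in body.split(delimiter)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter: --boundary--
            break
        if chunk.startswith(b"\r\n"):
            chunk = chunk[2:]
        head, _, value = chunk.partition(b"\r\n\r\n")
        m = re.search(rb'name="([^"]*)"', head)
        if m:
            if value.endswith(b"\r\n"):
                value = value[:-2]
            fields[m.group(1).decode()] = value.decode()
    return fields


def handler_vulnerable(body: bytes) -> str:
    """VULNERABLE: the field value is concatenated into a shell command line.

    A value such as "10.0.0.1; echo INJECTED" terminates the intended
    command and runs an attacker-chosen one.
    """
    host = parse_multipart(body, BOUNDARY)["host"]
    cmd = "echo Pinging " + host             # stand-in for e.g. "ping -c 1 " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allow-list: dotted labels of letters, digits and hyphens (hostname or IPv4).
HOST_RE = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
                     r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def validate_host(value: str) -> str:
    """Reject anything that is not a plausible hostname/IPv4 literal."""
    if not 0 < len(value) <= 253 or not HOST_RE.fullmatch(value):
        raise ValueError("invalid host")
    return value


def handler_hardened(body: bytes) -> str:
    """Hardened: allow-listed value, passed as an argv element, no shell.

    Even if validation were bypassed, shell=False means ';', '|' and '`'
    reach the program as literal characters, not as shell syntax.
    """
    host = validate_host(parse_multipart(body, BOUNDARY)["host"])
    return subprocess.run(["echo", "Pinging", host],
                          capture_output=True, text=True).stdout


SHELL_META = re.compile(r"[;&|`$(){}<>\n]")


def suspicious_fields(fields: dict) -> list:
    """Names of fields carrying shell metacharacters, for request logging."""
    return sorted(name for name, value in fields.items() if SHELL_META.search(value))


if __name__ == "__main__":
    benign, evil = make_body("10.0.0.1"), make_body("10.0.0.1; echo INJECTED")
    print("vulnerable/benign:", repr(handler_vulnerable(benign)))
    print("vulnerable/evil:  ", repr(handler_vulnerable(evil)))
    print("hardened/benign:  ", repr(handler_hardened(benign)))
    print("flagged fields:   ", suspicious_fields(parse_multipart(evil, BOUNDARY)))
    try:
        handler_hardened(evil)
    except ValueError as e:
        print("hardened/evil:     rejected:", e)
```

The fix that matters is the combination in `handler_hardened`: an allow-list on the value (not a deny-list of metacharacters, which is easy to bypass) plus never composing a shell string from request data. `suspicious_fields` is only a logging aid; a router cannot rely on it as its defence.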
Recommendations
For D-Link DSR-250 version 3.17, the affected functionality is not identified on this page, so treat the whole Unified Services Router web interface as exposed: disable WAN-side remote management and allow management access only from trusted administrative hosts or networks until a fixed firmware is confirmed.
For D-Link DSR-150, DSR-150N, DSR-250N, DSR-500, DSR-500N, DSR-500AC, DSR-1000, DSR-1000N and DSR-1000AC, the affected versions are not specified, so apply the same restriction on access to the Unified Services Router web interface to minimize the risk of exploitation. Because exploitation requires valid credentials, also use unique, strong administrator passwords and review which accounts can reach the web interface.
At the moment this page has no information about a newer firmware version that contains a fix for this vulnerability; check the vendor's advisory for each model before relying on a mitigation alone.
OS Command Injection
RCE