CVE-2012-6614

Опубликовано: 19 фев. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Низкий

Описание

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.

Ссылки

ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
Release Notes
Vendor Advisory
http://www.exploit-db.com/exploits/22930/
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
Exploit
Third Party Advisory
VDB Entry
ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
Release Notes
Vendor Advisory
http://www.exploit-db.com/exploits/22930/
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*

Версия до 1.08b31 (исключая)

cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.06109

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-4x5r-v8g2-7qhv

github

почти 4 года назад