CVE-2020-26567

Опубликовано: 08 окт. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 4.9

EPSS Средний

Описание

An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.

Ссылки

http://packetstormsecurity.com/files/159516/D-Link-DSR-250N-Denial-Of-Service.html
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Oct/14
Exploit
Mailing List
Mitigation
Patch
Third Party Advisory
https://www.redteam-pentesting.de/advisories/rt-sa-2020-002
Exploit
Mitigation
Patch
Third Party Advisory
http://packetstormsecurity.com/files/159516/D-Link-DSR-250N-Denial-Of-Service.html
Exploit
Mitigation
Patch
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Oct/14
Exploit
Mailing List
Mitigation
Patch
Third Party Advisory
https://www.redteam-pentesting.de/advisories/rt-sa-2020-002
Exploit
Mitigation
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*

Версия до 3.17b (исключая)

cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.29384

Средний

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-fwxh-8jc9-j26p