Details of VAR-202009-0783

ID

VAR-202009-0783

CVE

CVE-2020-25079

TITLE

D-Link DCS-2530L and DCS-2670L command injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-52376

DESCRIPTION

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. DCS-2530L and DCS-2670L are full HD 180 degree Wi-Fi cameras launched by D-Link. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands

Trust: 1.53

sources: NVD: CVE-2020-25079 // CNVD: CNVD-2020-52376 // VULMON: CVE-2020-25079

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-52376

AFFECTED PRODUCTS

vendor:	dlink	model:	dcs-2670l	scope:	lte	version:	2.02	Trust: 1.0
vendor:	dlink	model:	dcs-2530l	scope:	lte	version:	1.05.05	Trust: 1.0
vendor:	d link	model:	dcs-2530l hotfix	scope:	lt	version:	1.06.01	Trust: 0.6
vendor:	d link	model:	dcs-2670l	scope:	lte	version:	<=2.02	Trust: 0.6

sources: CNVD: CNVD-2020-52376 // NVD: CVE-2020-25079

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-25079
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2020-52376
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202009-086
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-25079
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-25079
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2020-52376
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-25079
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2020-52376 // VULMON: CVE-2020-25079 // CNNVD: CNNVD-202009-086 // NVD: CVE-2020-25079

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.0

sources: NVD: CVE-2020-25079

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-086

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-086

PATCH

title:	Patch for D-Link DCS-2530L and DCS-2670L command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/234289	Trust: 0.6
title:	D-Link DCS-2530L and DCS-2670L Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127370	Trust: 0.6
title:	2530L-analyze	url:	https://github.com/fishykz/2530L-analyze	Trust: 0.1

sources: CNVD: CNVD-2020-52376 // VULMON: CVE-2020-25079 // CNNVD: CNNVD-202009-086

EXTERNAL IDS

db:	NVD	id:	CVE-2020-25079	Trust: 2.3
db:	DLINK	id:	SAP10180	Trust: 1.6
db:	CNVD	id:	CNVD-2020-52376	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-086	Trust: 0.6
db:	VULMON	id:	CVE-2020-25079	Trust: 0.1

sources: CNVD: CNVD-2020-52376 // VULMON: CVE-2020-25079 // CNNVD: CNNVD-202009-086 // NVD: CVE-2020-25079

REFERENCES

url:	https://twitter.com/dogonsecurity/status/1271265152118259712	Trust: 1.6
url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10180	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25079	Trust: 1.2

sources: CNVD: CNVD-2020-52376 // CNNVD: CNNVD-202009-086 // NVD: CVE-2020-25079

SOURCES

db:	CNVD	id:	CNVD-2020-52376
db:	VULMON	id:	CVE-2020-25079
db:	CNNVD	id:	CNNVD-202009-086
db:	NVD	id:	CVE-2020-25079

LAST UPDATE DATE

2024-11-23T22:33:18.594000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-52376	date:	2020-09-16T00:00:00
db:	VULMON	id:	CVE-2020-25079	date:	2021-07-21T00:00:00
db:	CNNVD	id:	CNNVD-202009-086	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-25079	date:	2024-11-21T05:17:13.003

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-52376	date:	2020-09-16T00:00:00
db:	VULMON	id:	CVE-2020-25079	date:	2020-09-02T00:00:00
db:	CNNVD	id:	CNNVD-202009-086	date:	2020-09-02T00:00:00
db:	NVD	id:	CVE-2020-25079	date:	2020-09-02T16:15:12.690