D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure

D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure. id: CVE-2020-25078 info: name: D-Link DCS-2530L/DCS-2670L - Administrator...

D-Link DCS-2530L < 1.07 and DCS-2670L < 2.03 Multiple Vulnerabilities

According to its self-reported version, D-Link IP Camera DCS-2530L on or before 1.05.05, and DCS-2670L on or before 2.02 are affected by multiple vulnerabilities. - A command injection vulnerability exists in affected devices due to the improper neutralization of special elements in...

VulnCheck KEV: CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

Exploit for CVE-2020-25078

CVE-2020-25078 Instructions The attack URL is located in th...

VulnCheck KEV: CVE-2020-25078

D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

D-Link DCS-2530L and DCS-2670L Information Disclosure Vulnerability

The DCS-2530L and DCS-2670L are Full HD 180-degree Wi-Fi cameras from D-Link. A security vulnerability exists in cgi-bin/ddnsenc.cgi in the D-Link DCS-2530L and DCS-2670L. An attacker can exploit this vulnerability to obtain the administrator password via the /config/getuser endpoint...

CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

Command injection

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

Default credentials

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

CVE-2020-25078

CVE-2020-25078 affects D-Link DCS-2530L (up to 1.06.01 Hotfix) and DCS-2670L (up to 2.02). The unauthenticated /config/getuser endpoint allows remote administrator password disclosure. Impact: attacker could obtain the admin password, enabling unauthorized access. Remediation: update firmware to ...

CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

CVE-2020-25079

CVE-2020-25079 affects D-Link DCS-2530L (pre-1.06.01 Hotfix) and DCS-2670L (through 2.02). A command-injection vulnerability exists in cgi-bin/ddns_enc.cgi that can be triggered by authenticated users. Public records confirm exploitable conditions and include in-the-wild indicators (CISA KEV cata...

PT-2020-15932 · D Link · D-Link Dcs-2670L +1

Name of the Vulnerable Software and Affected Versions: D-Link DCS-2530L versions prior to 1.06.01 Hotfix D-Link DCS-2670L versions through 2.02 Description: An issue exists on D-Link DCS-2530L and DCS-2670L devices. The unauthenticated /config/getuser endpoint allows for remote administrator...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. Recent assessments: kevthehermit at March 04, 2021 12:03am UTC reported: Vulnerability The D-LInk...

PT-2020-15933 · D Link · D-Link Dcs-2670L +1

Name of the Vulnerable Software and Affected Versions: D-Link DCS-2530L versions prior to 1.06.01 Hotfix D-Link DCS-2670L versions through 2.02 Description: An issue exists in the cgi-bin/ddns enc.cgi file on D-Link DCS-2530L and DCS-2670L devices that allows authenticated command injection...

D-Link DCS-2530L Camera Unauthorized RCE 0day Vulnerability

The D-Link DCS-2530L is a camera from AUO D-Link. The D-Link DCS-2530L camera suffers from an unauthorized RCE 0day vulnerability that can be exploited by an attacker to execute arbitrary commands on the target device as root to execute arbitrary commands on the target device...

CVE-2017-7852

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to , thus accepting requests from any domain. If a...