2 matches found
CVE-2020-25758
CVE-2020-25758 affects D-Link DSR-250 (3.17). The issue is insufficient validation of configuration-file checksums, allowing a remote authenticated attacker to inject crontab entries into a saved config before upload, which are executed as root. Documents describe the root‑level command execution...
D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw
Buggy firmware opens a number of D-Link VPN router models to zero-day attacks. The flaws, which lack a complete vendor fix, allow adversaries to launch root command injection attacks that can be executed remotely and allow for device takeover. Impacted are D-Link router models DSR-150, DSR-250,...