D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure

D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure. id: CVE-2020-25078 info: name: D-Link DCS-2530L/DCS-2670L - Administrator...

VulnCheck KEV: CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

D-Link DCS-2530L and DCS-2670L Information Disclosure Vulnerability

The DCS-2530L and DCS-2670L are Full HD 180-degree Wi-Fi cameras from D-Link. A security vulnerability exists in cgi-bin/ddnsenc.cgi in the D-Link DCS-2530L and DCS-2670L. An attacker can exploit this vulnerability to obtain the administrator password via the /config/getuser endpoint...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

Default credentials

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

Command injection

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

CVE-2020-25078

CVE-2020-25078 affects D-Link DCS-2530L (up to 1.06.01 Hotfix) and DCS-2670L (up to 2.02). The unauthenticated /config/getuser endpoint allows remote administrator password disclosure. Impact: attacker could obtain the admin password, enabling unauthorized access. Remediation: update firmware to ...

CVE-2020-25079

CVE-2020-25079 affects D-Link DCS-2530L (pre-1.06.01 Hotfix) and DCS-2670L (through 2.02). A command-injection vulnerability exists in cgi-bin/ddns_enc.cgi that can be triggered by authenticated users. Public records confirm exploitable conditions and include in-the-wild indicators (CISA KEV cata...