D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure

D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure. id: CVE-2020-25078 info: name: D-Link DCS-2530L/DCS-2670L - Administrator...

D-Link DCS-2530L < 1.07 and DCS-2670L < 2.03 Multiple Vulnerabilities

According to its self-reported version, D-Link IP Camera DCS-2530L on or before 1.05.05, and DCS-2670L on or before 2.02 are affected by multiple vulnerabilities. - A command injection vulnerability exists in affected devices due to the improper neutralization of special elements in...

VulnCheck KEV: CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

VulnCheck KEV: CVE-2020-25078

D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

D-Link DCS-2530L and DCS-2670L Information Disclosure Vulnerability

The DCS-2530L and DCS-2670L are Full HD 180-degree Wi-Fi cameras from D-Link. A security vulnerability exists in cgi-bin/ddnsenc.cgi in the D-Link DCS-2530L and DCS-2670L. An attacker can exploit this vulnerability to obtain the administrator password via the /config/getuser endpoint...

CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

Command injection

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

Default credentials

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

CVE-2020-25078

CVE-2020-25078 affects D-Link DCS-2530L (up to 1.06.01 Hotfix) and DCS-2670L (up to 2.02). The unauthenticated /config/getuser endpoint allows remote administrator password disclosure. Impact: attacker could obtain the admin password, enabling unauthorized access. Remediation: update firmware to ...

CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

CVE-2020-25079

CVE-2020-25079 affects D-Link DCS-2530L (pre-1.06.01 Hotfix) and DCS-2670L (through 2.02). A command-injection vulnerability exists in cgi-bin/ddns_enc.cgi that can be triggered by authenticated users. Public records confirm exploitable conditions and include in-the-wild indicators (CISA KEV cata...

PT-2020-15932 · D Link · D-Link Dcs-2670L +1

Name of the Vulnerable Software and Affected Versions: D-Link DCS-2530L versions prior to 1.06.01 Hotfix D-Link DCS-2670L versions through 2.02 Description: An issue exists on D-Link DCS-2530L and DCS-2670L devices. The unauthenticated /config/getuser endpoint allows for remote administrator...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. Recent assessments: kevthehermit at March 04, 2021 12:03am UTC reported: Vulnerability The D-LInk...

PT-2020-15933 · D Link · D-Link Dcs-2670L +1

Name of the Vulnerable Software and Affected Versions: D-Link DCS-2530L versions prior to 1.06.01 Hotfix D-Link DCS-2670L versions through 2.02 Description: An issue exists in the cgi-bin/ddns enc.cgi file on D-Link DCS-2530L and DCS-2670L devices that allows authenticated command injection...