CVE-2020-25757

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17...

The vulnerability of the microprogrammed software of the D–Link DSR–500 router allows a malicious individual to gain access to user account information.

In the file system of the D–Link DSR–500 router, user passwords are stored publicly in the file /tmp/teamf1.cfg.ascii...

The vulnerability of the D-Link DSR-500 router’s microprogramming software allows a malicious individual to gain administrator privileges.

The D-Link DSR-500 router has a pre-installed user with administrator privileges...

The vulnerability of the microprogrammed software of the D–Link DSR–500 router allows a malicious individual to intercept network traffic.

The D-Link DSR-500 router’s microprogramming software does not perform ARP packet authentication for packets transmitted over the IPv4 protocol. This allows for intercepting the traffic processed by this router through ARP spoofing attacks...

The vulnerability of the microprogrammed software of the D–Link DSR–500 router allows a malicious individual to gain administrator privileges.

The script “/scgi-bin/platform.cgi” of the D–Link DSR–500 router’s software does not properly filter the data entered by the user in the “Password” field. As a result, a malicious individual can bypass the authentication process and gain access to the device with administrator privileges...

The vulnerability of the microprogrammed software of the D–Link DSR–500 router allows a malicious individual to execute arbitrary system commands.

The web interface of the router allows for the execution of a limited number of system commands ping, traceroute, dnslookup. However, it is possible to execute any command that is separated by a system separator from the allowed commands...

D-Link DSR Router Series - Remote Root Shell Exploit

No description provided by source. !/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N...

CVE-2013-7005

CVE-2013-7005 affects D-Link DSR router series (DSR-150, DSR-150N, DSR-250/250N, DSR-500/500N, DSR-1000/1000N). Firmware versions before listed fixes store account passwords in cleartext in /tmp/teamf1.cfg.ascii, exposing them to local users who can read the Password fields. Affected firmware: DS...

CVE-2013-5946

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute...

PT-2013-1294 · D Link · Dsr-500N +6

Name of the Vulnerable Software and Affected Versions: D-Link DSR-150 versions prior to 1.08B44 D-Link DSR-150N versions prior to 1.05B64 D-Link DSR-250 versions prior to 1.08B44 D-Link DSR-250N versions prior to 1.08B44 D-Link DSR-500 versions prior to 1.08B77 D-Link DSR-500N versions prior to...