Dsr-250n Firmware Security Vulnerabilities and Issues — Dsr-250n Firmware CVE List

Lucene search

DlinkDsr-250n Firmware

11 matches found

CVE•added 2020/01/25 7:15 p.m.•93 views

CVE-2012-6613

D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.

9CVSS7.2AI score0.0098EPSS

CVE•added 2020/10/08 1:15 p.m.•77 views

CVE-2020-26567

An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.

5.5CVSS5.5AI score0.12873EPSS

CVE•added 2020/02/11 12:15 p.m.•60 views

CVE-2013-5945

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQ...

10CVSS10AI score0.08285EPSS

CVE•added 2020/12/15 8:15 p.m.•59 views

CVE-2020-25757

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.

8.8CVSS8.8AI score0.00518EPSS

CVE•added 2020/12/15 8:15 p.m.•45 views

CVE-2020-25759

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.

9CVSS8.7AI score0.01453EPSS

CVE•added 2013/12/19 4:24 a.m.•44 views

CVE-2013-5946

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitr...

10CVSS9.7AI score0.06252EPSS

CVE•added 2025/01/28 10:15 p.m.•42 views

CVE-2024-57376

Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.

8.8CVSS8.3AI score0.00084EPSS

CVE•added 2020/12/15 8:15 p.m.•41 views

CVE-2020-25758

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.

9CVSS8.4AI score0.00311EPSS

CVE•added 2013/12/19 4:24 a.m.•35 views

CVE-2013-7005

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive info...

4.9CVSS8.3AI score0.00049EPSS

CVE•added 2020/02/19 3:15 p.m.•34 views

CVE-2012-6614

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.

9CVSS6.7AI score0.08057EPSS

CVE•added 2013/12/19 4:24 a.m.•29 views

CVE-2013-7004

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote ...

7.8CVSS9.2AI score0.00452EPSS