Dsr-500n Firmware Security Vulnerabilities and Issues — Dsr-500n Firmware CVE List

Lucene search

DlinkDsr-500n Firmware

8 matches found

CVE•added 2020/02/11 12:15 p.m.•60 views

CVE-2013-5945

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQ...

10CVSS10AI score0.08285EPSS

CVE•added 2020/12/15 8:15 p.m.•59 views

CVE-2020-25757

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.

8.8CVSS8.8AI score0.00518EPSS

CVE•added 2020/12/15 8:15 p.m.•45 views

CVE-2020-25759

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.

9CVSS8.7AI score0.01453EPSS

CVE•added 2013/12/19 4:24 a.m.•44 views

CVE-2013-5946

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitr...

10CVSS9.7AI score0.06252EPSS

CVE•added 2021/08/23 10:15 p.m.•44 views

CVE-2021-39615

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedde...

10CVSS9.5AI score0.02203EPSS

CVE•added 2020/12/15 8:15 p.m.•41 views

CVE-2020-25758

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.

9CVSS8.4AI score0.00311EPSS

CVE•added 2013/12/19 4:24 a.m.•35 views

CVE-2013-7005

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive info...

4.9CVSS8.3AI score0.00049EPSS

CVE•added 2013/12/19 4:24 a.m.•29 views

CVE-2013-7004

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote ...

7.8CVSS9.2AI score0.00452EPSS