ID

VAR-202010-0522


CVE

CVE-2020-26567


TITLE

D-Link DSR-250N vulnerability regarding lack of authentication for critical features on the device

Trust: 0.8

sources: JVNDB: JVNDB-2020-012324

DESCRIPTION

An issue was discovered on D-Link DSR-250N devices before 3.17B. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it unusable for several minutes. The D-Link DSR-250N is vulnerable to a lack of authentication for critical features and may be put into a denial of service (DoS) state. D-Link DSR-250N is a unified service router produced by D-Link in Taiwan.

Trust: 2.25

sources: NVD: CVE-2020-26567 // JVNDB: JVNDB-2020-012324 // CNVD: CNVD-2020-59763 // VULMON: CVE-2020-26567

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-59763

AFFECTED PRODUCTS

vendor: dlink, model: dsr-250n, scope: lt, version: 3.17b

Trust: 1.0

vendor: d link, model: dsr-250n, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dsr-250n, scope: lt, version: dsr-250n firmware 3.17b less than

Trust: 0.8

vendor: d link, model: dsr-250n <3.17b, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-59763 // JVNDB: JVNDB-2020-012324 // NVD: CVE-2020-26567

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-26567
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26567
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-59763
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202010-238
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-26567
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-26567
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-59763
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2020-26567
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-26567
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-59763 // VULMON: CVE-2020-26567 // JVNDB: JVNDB-2020-012324 // CNNVD: CNNVD-202010-238 // NVD: CVE-2020-26567

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:Lack of authentication for important features (CWE-306) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012324 // NVD: CVE-2020-26567

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-238

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202010-238

PATCH

title: Top Page, url: https://www.dlink.com/en/consumer

Trust: 0.8

title: Patch for D-Link DSR-250N Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/237802

Trust: 0.6

title: D-Link DSR-250N Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131105

Trust: 0.6

title: SecBooks SecBooks directory, url: https://github.com/SexyBeast233/SecBooks

Trust: 0.1

sources: CNVD: CNVD-2020-59763 // VULMON: CVE-2020-26567 // JVNDB: JVNDB-2020-012324 // CNNVD: CNNVD-202010-238

EXTERNAL IDS

db: NVD, id: CVE-2020-26567

Trust: 3.1

db: PACKETSTORM, id: 159516

Trust: 2.5

db: JVNDB, id: JVNDB-2020-012324

Trust: 0.8

db: CNVD, id: CNVD-2020-59763

Trust: 0.6

db: EXPLOIT-DB, id: 48863

Trust: 0.6

db: CNNVD, id: CNNVD-202010-238

Trust: 0.6

db: VULMON, id: CVE-2020-26567

Trust: 0.1

sources: CNVD: CNVD-2020-59763 // VULMON: CVE-2020-26567 // JVNDB: JVNDB-2020-012324 // CNNVD: CNNVD-202010-238 // NVD: CVE-2020-26567

REFERENCES

url:http://packetstormsecurity.com/files/159516/d-link-dsr-250n-denial-of-service.html

Trust: 3.2

url:http://seclists.org/fulldisclosure/2020/oct/14

Trust: 3.1

url:https://www.redteam-pentesting.de/advisories/rt-sa-2020-002

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-26567

Trust: 1.4

url:https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-002/-denial-of-service-in-d-link-dsr-250n

Trust: 0.8

url:https://www.exploit-db.com/exploits/48863

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/sexybeast233/secbooks

Trust: 0.1

sources: CNVD: CNVD-2020-59763 // VULMON: CVE-2020-26567 // JVNDB: JVNDB-2020-012324 // CNNVD: CNNVD-202010-238 // NVD: CVE-2020-26567

CREDITS

Site redteam-pentesting.de

Trust: 0.6

sources: CNNVD: CNNVD-202010-238

SOURCES

db: CNVD, id: CNVD-2020-59763
db: VULMON, id: CVE-2020-26567
db: JVNDB, id: JVNDB-2020-012324
db: CNNVD, id: CNNVD-202010-238
db: NVD, id: CVE-2020-26567

LAST UPDATE DATE

2024-11-23T23:11:16.434000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-59763, date: 2020-11-01T00:00:00
db: VULMON, id: CVE-2020-26567, date: 2023-04-26T00:00:00
db: JVNDB, id: JVNDB-2020-012324, date: 2021-04-30T05:39:00
db: CNNVD, id: CNNVD-202010-238, date: 2020-10-21T00:00:00
db: NVD, id: CVE-2020-26567, date: 2024-11-21T05:20:05.940

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-59763, date: 2020-10-28T00:00:00
db: VULMON, id: CVE-2020-26567, date: 2020-10-08T00:00:00
db: JVNDB, id: JVNDB-2020-012324, date: 2021-04-30T00:00:00
db: CNNVD, id: CNNVD-202010-238, date: 2020-10-08T00:00:00
db: NVD, id: CVE-2020-26567, date: 2020-10-08T13:15:11.233