CVE-2020-25079 | THREATINT

Description

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.

PUBLISHED Reserved 2020-09-02 | Published 2020-09-02 | Updated 2025-10-21 | Assigner mitre

CISA Known Exploited Vulnerability

Date added 2025-08-05 | Due date 2025-08-26

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

supportannouncement.us.dlink.com/...ation.aspx?name=SAP10180

twitter.com/Dogonsecurity/status/1271265152118259712

support.dlink.com/productinfo.aspx?m=DCS-2530L product

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2020-25079 government-resource

supportannouncement.us.dlink.com/...ation.aspx?name=SAP10180

twitter.com/Dogonsecurity/status/1271265152118259712

cve.org (CVE-2020-25079)

nvd.nist.gov (CVE-2020-25079)

Download JSON