CVE-2020-26567 Information

Feb 14, 2021 cve

Description

An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device rendering it therefore unusable for several minutes.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://packetstormsecurity.com/files/159516/D-Link-DSR-250N-Denial-Of-Service.html http://seclists.org/fulldisclosure/2020/Oct/14 https://www.redteam-pentesting.de/advisories/rt-sa-2020-002

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5

Share on: