VYPR

Dsr 250

by Dlink

CVEs (8)

  • CVE-2024-57376Jan 28, 2025
    risk 0.04cvss epss 0.04

    Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.

  • CVE-2020-18568Feb 2, 2021
    risk 0.04cvss epss 0.15

    The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.

  • CVE-2013-5946Dec 19, 2013
    risk 0.01cvss epss 0.07

    The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote…

  • CVE-2020-25759Dec 15, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.

  • CVE-2020-25758Dec 15, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.

  • CVE-2020-25757Dec 15, 2020
    risk 0.00cvss epss 0.02

    A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with…

  • CVE-2013-7005Dec 19, 2013
    risk 0.00cvss epss 0.01

    D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to…

  • CVE-2013-7004Dec 19, 2013
    risk 0.00cvss epss 0.02

    D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes…