Hillstone Networks

RULE（RULE ID：333408）

Rule General Information


Release Date:		2021-01-08

Rule Name:		D-Link DCS-2530L Credential Disclosure Vulnerability (CVE-2020-25078)

Severity:

CVE ID:

Rule Protection Details


Description:		An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Network Device

Reference:		https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 https://twitter.com/Dogonsecurity/status/1273251236167516161

Solutions

The vendor has released upgrade patches to fix vulnerabilities, please visit:
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180