
D-Link Vulnerability (CVE-2020-25078)

by 떠도리c 2024. 8. 26.

Vulnerability

CVE-2020-25078

 

Vulnerability Description

An unauthenticated user can collect administrator account information by accessing a specific URL.

 

Vulnerable URL

/config/getuser?index=0

https://github.com/Ershu1/2021_Hvv/blob/main/D-Link DCS系列监控账号密码信息泄露.md
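To check whether the endpoint above has been requested, the following added example (not part of the original post) scans web access logs for hits on `/config/getuser`. It assumes the camera traffic passes through a proxy that writes Combined Log Format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
VULN_PATH = "/config/getuser"  # endpoint named on this page


def normalise_path(target):
    """Percent-decode, collapse duplicate slashes, lower-case the path."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/{2,}", "/", path).rstrip("/").lower()


def find_getuser_hits(lines):
    """Return one dict per logged request to the account-information endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalise_path(m["target"]) != VULN_PATH:
            continue  # unparseable line or unrelated request
        query = parse_qs(urlsplit(m["target"]).query)
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "index": query.get("index", [None])[0],
            # Assumption: a 200 with a non-empty body means the device answered.
            "likely_disclosed": m["status"] == "200" and m["size"] not in ("0", "-"),
        })
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Aug/2024:10:01:02 +0900] "GET /config/getuser?index=0 HTTP/1.1" 200 58 "-" "curl/8.0"',
    '198.51.100.7 - - [26/Aug/2024:10:01:03 +0900] "GET /Config//getuser?index=1 HTTP/1.1" 200 0 "-" "curl/8.0"',
    '203.0.113.9 - - [26/Aug/2024:10:05:00 +0900] "GET /%63onfig/getuser?index=0 HTTP/1.1" 401 0 "-" "-"',
    '192.0.2.4 - - [26/Aug/2024:10:06:00 +0900] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_getuser_hits(SAMPLE_LOG):
        print(hit)
```

Any hit with `likely_disclosed` set should be treated as a credential exposure: rotate the camera's accounts and apply the fixed firmware listed under Remediation.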

Affected Products

| Category | Vendor | Product | Version |
|---|---|---|---|
| operating system | dlink | dcs-2530l_firmware | |
| operating system | dlink | dcs-2530l_firmware | 1.04.01 |
| operating system | dlink | dcs-2530l_firmware | 1.03.01 |
| operating system | dlink | dcs-2530l_firmware | - |
| Hardware | dlink | dcs-2530l | - |
| operating system | dlink | dcs-2530l_firmware | 1.05.05 |
| operating system | d-link | dcs-2670l_firmware | |
| operating system | d-link | dcs-2530l_firmware | |
| Hardware | d-link | dcs-2670l | - |
| operating system | d-link | dcs-2530l_firmware | 1.00.21 |
| Hardware | d-link | dcs-2530l | - |

 

Remediation

| Model | Hardware Revision | Affected FW | Fixed FW | Recommendation | Last Updated |
|---|---|---|---|---|---|
| DCS-2530L | All Ax Hardware Revisions | v1.05.05 & older | v1.07.00 Hotfix | Update via Mydlink Mobile App | 05/07/2021 |
| DCS-2670L | All Ax Hardware Revisions | v2.02 & older | v2.03.00 Hotfix | Download & Update Device | 07/26/2020 |
| DCS-4603 | All Ax Hardware Revisions | v1.03.04 & older | v1.04.02 Hotfix | Download & Update Device | 05/07/2021 |
| DCS-4622 | All Bx Hardware Revisions | v2.00.04 & older | v2.01.10 Hotfix | Download & Update Device | 05/07/2021 |
| DCS-4701E | All Bx Hardware Revisions | v2.00.21 & older | v2.03.01 Hotfix | Download & Update Device | 05/07/2021 |
| DCS-4703E | All Ax Hardware Revisions | v1.02.03 & older | v1.03.04 Hotfix | Download & Update Device | 05/07/2021 |
| DCS-4705E | All Ax Hardware Revisions | v1.01.00 & older | v1.03.02 Hotfix | Download & Update Device | 05/07/2021 |
| DCS-4802E | All Bx Hardware Revisions | v2.00.09 & older | v2.01.01 Hotfix | Download & Update Device | 05/07/2021 |
| DCS-P703 | All Ax Hardware Revisions | Non-US Product | End of Service Life | Please retire and replace this model | 07/28/2021 |

 

References

https://knvd.krcert.or.kr/elkDetail.do?CVEID=CVE-2020-25078&jvn=&CVEID=CNNVD-202009-083&dilen=60c1a61fdd82393915b3074b

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180

 
