D-Link 취약점(CVE-2020-25078)

취약점

CVE-2020-25078

 

취약점 설명

인증되지 않은 사용자가 특정 URL 접근을 통해 관리자 계정 정보를 수집 할 수 있음

 

취약점 URL

/config/getuser?index=0

https://github.com/Ershu1/2021_Hvv/blob/main/D-Link DCS系列监控账号密码信息泄露.md

영향받는 취약점 제품

분야	제조사	제품	버전
operating system	dlink	dcs-2530l_firmware
operating system	dlink	dcs-2530l_firmware	1.04.01
operating system	dlink	dcs-2530l_firmware	1.03.01
operating system	dlink	dcs-2530l_firmware	-
Hardware	dlink	dcs-2530l	-
operating system	dlink	dcs-2530l_firmware	1.05.05
operating system	d-link	dcs-2670l_firmware
operating system	d-link	dcs-2530l_firmware
Hardware	d-link	dcs-2670l	-
operating system	d-link	dcs-2530l_firmware	1.00.21
Hardware	d-link	dcs-2530l	-

 

취약점 조치

Model	Hardware Revision	Affected FW	Fixed FW	Recommendation	Last Updated
DCS-2530L	All Ax Hardware Revisions	v1.05.05 & older	v1.07.00 Hotfix	Update via Mydlink Mobile App	05/07/2021
DCS-2670L	All Ax Hardware Revisions	v2.02 & older	v2.03.00 Hotfix	Download & Update Device	07/26/2020
DCS-4603	All Ax Hardware Revisions	v1.03.04 & older	v1.04.02 Hotfix	Download & Update Device	05/07/2021
DCS-4622	All Bx Hardware Revisions	v2.00.04 & older	v2.01.10 Hotfix	Download & Update Device	05/07/2021
DCS-4701E	All Bx Hardware Revisions	v2.00.21 & older	v2.03.01 Hotfix	Download & Update Device	05/07/2021
DCS-4703E	All Ax Hardware Revisions	v1.02.03 & older	v1.03.04 Hotfix	Download & Update Device	05/07/2021
DCS-4705E	All Ax Hardware Revisions	v1.01.00 & older	v1.03.02 Hotfix	Download & Update Device	05/07/2021
DCS-4802E	All Bx Hardware Revisions	v2.00.09 & older	v2.01.01 Hotfix	Download & Update Device	05/07/2021
DCS-P703	All Ax Hardware Revisions	Non-US Product	End of Service Life	Please retire and replace this model	07/28/2021

 

참고

https://knvd.krcert.or.kr/elkDetail.do?CVEID=CVE-2020-25078&jvn=&CVEID=CNNVD-202009-083&dilen=60c1a61fdd82393915b3074b

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180