Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dlink Subscribe
Filtered by product Dsr-500n Firmware
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39615 1 Dlink 2 Dsr-500n, Dsr-500n Firmware 2021-08-30 10.0 HIGH 9.8 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-25757 1 Dlink 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more 2021-07-21 8.3 HIGH 8.8 HIGH
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.
CVE-2020-25759 1 Dlink 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more 2021-07-21 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
CVE-2020-25758 1 Dlink 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more 2021-04-23 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
CVE-2013-5945 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2021-04-23 10.0 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.