Vulnerability Details CVE-2012-6614
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.081
EPSS Ranking 91.8%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
- ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
- http://www.exploit-db.com/exploits/22930/
- https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
- ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
- http://www.exploit-db.com/exploits/22930/
- https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
Products affected by CVE-2012-6614
-
cpe:2.3:h:dlink:dsr-250n:-
-
cpe:2.3:o:dlink:dsr-250n_firmware:-
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.01b46
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.01b56
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.05b20
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.05b53
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.05b73_ww