CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-10215

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.041

EPSS Ranking 87.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md
https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf
https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md
https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf

Products affected by CVE-2020-10215

Dlink » Dir-825 » Version: N/A

cpe:2.3:h:dlink:dir-825:-
Trendnet » Tew-632brp » Version: N/A

cpe:2.3:h:trendnet:tew-632brp:-
Dlink » Dir-825 Firmware » Version: 2.10

cpe:2.3:o:dlink:dir-825_firmware:2.10
Trendnet » Tew-632brp Firmware » Version: 1.010b32

cpe:2.3:o:trendnet:tew-632brp_firmware:1.010b32

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10215

Products

Pricing

Contact Us