CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-10216

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.046

EPSS Ranking 88.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md
https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf
https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md
https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf

Products affected by CVE-2020-10216

Dlink » Dir-825 » Version: N/A

cpe:2.3:h:dlink:dir-825:-
Trendnet » Tew-632brp » Version: N/A

cpe:2.3:h:trendnet:tew-632brp:-
Dlink » Dir-825 Firmware » Version: 2.10

cpe:2.3:o:dlink:dir-825_firmware:2.10
Trendnet » Tew-632brp Firmware » Version: 1.010b32

cpe:2.3:o:trendnet:tew-632brp_firmware:1.010b32

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10216

Products

Pricing

Contact Us