Dlink: >> Dsr-150 Firmware >> 3.14 Security Vulnerabilities
Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-28
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-12-15
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-12-15
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
CVSS Score
8.8
EPSS Score
0.015
Published
2020-12-15