CVE-2020-25078

Basic Information

CVE State
PUBLISHED
Reserved Date
September 02, 2020
Published Date
September 02, 2020
Last Updated
October 21, 2025
Vendor
n/a
Product
n/a
Description
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
Tags
cisa nuclei_scanner

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2026-06-01 13:30:38 UTC) Source
Proof of Concept Available
Yes (added 2021-03-30 06:57:31 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 10:38:24 UTC

Scanner Integrations

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

chinaYozz/CVE-2020-25078

Type: github • Created: 2021-10-15 13:03:29 UTC • Stars: 0

CVE-2020-25078 account and password information disclosure batch script. Batch script of D-Link DCS series camera account password information disclosure

MzzdToT/CVE-2020-25078

Type: github • Created: 2021-03-30 06:57:31 UTC • Stars: 4

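D-Link DCS series account and password information disclosure vulnerability; the script retrieves the account and password, and can be run in batch.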

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel