Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Filtered by product Dsr-500n Firmware
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39615 1 Dlink 2 Dsr-500n, Dsr-500n Firmware 2024-08-04 10.0 HIGH 9.8 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-25758 1 Dlink 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more 2024-02-04 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
CVE-2020-25759 1 Dlink 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more 2024-02-04 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
CVE-2020-25757 1 Dlink 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more 2024-02-04 8.3 HIGH 8.8 HIGH
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.
CVE-2013-5945 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2024-02-04 10.0 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
CVE-2013-7005 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2024-02-04 4.9 MEDIUM N/A
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.
CVE-2013-5946 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2024-02-04 10.0 HIGH N/A
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
CVE-2013-7004 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2024-02-04 7.8 HIGH N/A
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.