An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
2020-09-02T16:15:12.627
2025-08-06T20:42:41.927
Analyzed
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | dlink | dcs-4603_firmware | < 1.04.02 | Yes |
| Hardware | dlink | dcs-4603 | - | No |
| Operating System | dlink | dcs-4622_firmware | < 2.01.10 | Yes |
| Hardware | dlink | dcs-4622 | - | No |
| Operating System | dlink | dcs-4701e_firmware | < 2.03.01 | Yes |
| Hardware | dlink | dcs-4701e | - | No |
| Operating System | dlink | dcs-4703e_firmware | < 1.03.04 | Yes |
| Hardware | dlink | dcs-4703e | - | No |
| Operating System | dlink | dcs-4705e_firmware | < 1.03.02 | Yes |
| Hardware | dlink | dcs-4705e | - | No |
| Operating System | dlink | dcs-4802e_firmware | < 2.01.01 | Yes |
| Hardware | dlink | dcs-4802e | - | No |
| Operating System | dlink | dcs-p703_firmware | * | Yes |
| Hardware | dlink | dcs-p703 | - | No |
| Operating System | dlink | dcs-2530l_firmware | ≤ 1.05.05 | Yes |
| Hardware | dlink | dcs-2530l | - | No |
| Operating System | dlink | dcs-2670l_firmware | < 2.03.00 | Yes |
| Hardware | dlink | dcs-2670l | - | No |