An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
2020-12-15T20:15:16.243
2024-11-21T05:18:41.153
Modified
CVSSv3.1: 8.8 (HIGH)
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | dlink | dsr-150_firmware | ≤ 3.17 | Yes |
| Hardware | dlink | dsr-150 | - | No |
| Operating System | dlink | dsr-150n_firmware | ≤ 3.17 | Yes |
| Hardware | dlink | dsr-150n | - | No |
| Operating System | dlink | dsr-250_firmware | ≤ 3.17 | Yes |
| Hardware | dlink | dsr-250 | - | No |
| Operating System | dlink | dsr-250n_firmware | ≤ 3.17 | Yes |
| Hardware | dlink | dsr-250n | - | No |
| Operating System | dlink | dsr-500_firmware | ≤ 3.17 | Yes |
| Hardware | dlink | dsr-500 | - | No |
| Operating System | dlink | dsr-500n_firmware | * | Yes |
| Hardware | dlink | dsr-500n | - | No |
| Operating System | dlink | dsr-500ac_firmware | ≤ 3.17 | Yes |
| Hardware | dlink | dsr-500ac | - | No |
| Operating System | dlink | dsr-1000_firmware | ≤ 3.17 | Yes |
| Hardware | dlink | dsr-1000 | - | No |
| Operating System | dlink | dsr-1000n_firmware | ≤ 3.17 | Yes |
| Hardware | dlink | dsr-1000n | - | No |
| Operating System | dlink | dsr-1000ac_firmware | ≤ 3.17 | Yes |
| Hardware | dlink | dsr-1000ac | - | No |