Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Filtered by product Dsr-1000ac Firmware
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25759 1 Dlink 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more 2024-02-28 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
CVE-2020-25758 1 Dlink 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more 2024-02-28 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
CVE-2020-25757 1 Dlink 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more 2024-02-28 8.3 HIGH 8.8 HIGH
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.