CVE-2012-6614

moderate-risk
Published 2020-02-19

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.

Do I need to act?

~
6.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Dlink

References (6)

Release Notes ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
Exploit http://www.exploit-db.com/exploits/22930/
Exploit https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
Release Notes ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
Exploit http://www.exploit-db.com/exploits/22930/
Exploit https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
40
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 9/34 · Low
Exposure 5/34 · Minimal