mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
837 B
837 B
CVE-2020-25758
Description
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
POC
Reference
- https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/
- https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/
Github
No PoCs found on GitHub currently.