CVE-2012-6614
HIGHD-Link DSR-250N Firmware < 1.08b31 - Authenticated Privilege Escalation via BusyBox CLI
Title source: llmDescription
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/22930/
Release Notes, Vendor Advisory x_refsource_confirm
ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
Scores
CVSS v3
7.2
EPSS
0.0955
EPSS Percentile
93.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
dlink/dsr-250n_firmware
< 1.08b31
Published
Feb 19, 2020
Tracked Since
Feb 18, 2026