CVE-2020-25078

HIGH KEV NUCLEI

D-Link DCS-2530L <1.06.01 - Info Disclosure

Title source: llm

Description

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.

Exploits (3)

nomisec WORKING POC 4 stars
by MzzdToT · infoleak
https://github.com/MzzdToT/CVE-2020-25078
nomisec WORKING POC
by chinaYozz · remote-auth
https://github.com/chinaYozz/CVE-2020-25078

Nuclei Templates (1)

D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure
HIGHby pikpikcu

References (4)

Scores

CVSS v3 7.5
EPSS 0.9415
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2025-08-05
VulnCheck KEV 2021-06-01
InTheWild.io 2021-05-01
ENISA EUVD EUVD-2020-17770
Status published
Products (9)
dlink/dcs-2530l_firmware < 1.05.05
dlink/dcs-2670l_firmware < 2.03.00
dlink/dcs-4603_firmware < 1.04.02
dlink/dcs-4622_firmware < 2.01.10
dlink/dcs-4701e_firmware < 2.03.01
dlink/dcs-4703e_firmware < 1.03.04
dlink/dcs-4705e_firmware < 1.03.02
dlink/dcs-4802e_firmware < 2.01.01
dlink/dcs-p703_firmware
Published Sep 02, 2020
KEV Added Aug 05, 2025
Tracked Since Feb 18, 2026