CVE-2020-25079

HIGH KEV

Dlink Dcs-4703e Firmware < 1.03.04 - Command Injection

Title source: rule

Description

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.

References (4)

[Patch, Vendor Advisory] https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180

[Broken Link, Exploit, Third Party Advisory] https://twitter.com/Dogonsecurity/status/1271265152118259712

[Product] https://support.dlink.com/productinfo.aspx?m=DCS-2530L

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-25079

Scores

CVSS v3 8.8

EPSS 0.4827

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-08-05

VulnCheck KEV 2025-08-05

ENISA EUVD EUVD-2020-17771

CWE

CWE-77

Status published

Products (9)

dlink/dcs-2530l_firmware < 1.05.05

dlink/dcs-2670l_firmware < 2.03.00

dlink/dcs-4603_firmware < 1.04.02

dlink/dcs-4622_firmware < 2.01.10

dlink/dcs-4701e_firmware < 2.03.01

dlink/dcs-4703e_firmware < 1.03.04

dlink/dcs-4705e_firmware < 1.03.02

dlink/dcs-4802e_firmware < 2.01.01

dlink/dcs-p703_firmware

Published Sep 02, 2020

KEV Added Aug 05, 2025

Tracked Since Feb 18, 2026