CVE-2020-25079
HIGH KEV
D-Link DCS-2530L < 1.06.01 and DCS-2670L <= 2.02 - Authenticated Command Injection via ddns_enc.cgi
Title source: llm
Exploitation Summary
CVE-2020-25079 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 5, 2025.
Description
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.
References (4)
Core References
Patch, Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180
Broken Link, Exploit, Third Party Advisory x_refsource_misc
https://twitter.com/Dogonsecurity/status/1271265152118259712
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-25079
Scores
CVSS v3: 8.8
EPSS: 0.4190
EPSS Percentile: 97.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2025-08-05
VulnCheck KEV: 2025-08-05
ENISA EUVD: EUVD-2020-17771
CWE: CWE-77
Status: published
Products (9)
dlink/dcs-2530l_firmware < 1.05.05
dlink/dcs-2670l_firmware < 2.03.00
dlink/dcs-4603_firmware < 1.04.02
dlink/dcs-4622_firmware < 2.01.10
dlink/dcs-4701e_firmware < 2.03.01
dlink/dcs-4703e_firmware < 1.03.04
dlink/dcs-4705e_firmware < 1.03.02
dlink/dcs-4802e_firmware < 2.01.01
dlink/dcs-p703_firmware
Published: Sep 02, 2020
KEV Added: Aug 05, 2025
Tracked Since: Feb 18, 2026