CVE-2020-26567

MEDIUM

D-Link DSR-250N < 3.17b - Unauthenticated Denial of Service via upgradeStatusReboot.cgi

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-26567. PoCs published by RedTeam Pentesting GmbH.

AI-analyzed exploit summary: This is a detailed advisory and proof-of-concept for CVE-2020-26567, a Denial of Service vulnerability in D-Link DSR-250N routers. The vulnerability allows unauthenticated attackers to reboot the device by accessing a specific CGI script.

Description

An issue was discovered on D-Link DSR-250N devices before 3.17B. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it unusable for several minutes.

Exploits (1)

exploitdb WRITEUP
by RedTeam Pentesting GmbH · text · webapps · hardware
https://www.exploit-db.com/exploits/48863

Classification: Writeup 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: D-Link DSR-250N (versions 3.12 and potentially later)
No auth needed
Prerequisites: Network access to the vulnerable device
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Mitigation, Patch, Third Party Advisory x_refsource_misc
https://www.redteam-pentesting.de/advisories/rt-sa-2020-002
Exploit, Mailing List, Mitigation, Patch, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2020/Oct/14
Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159516/D-Link-DSR-250N-Denial-Of-Service.html

Scores

CVSS v3 5.5
EPSS 0.1718
EPSS Percentile 96.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-306
Status published
Products (1)
dlink/dsr-250n_firmware < 3.17b
Published Oct 08, 2020
Tracked Since Feb 18, 2026