CVE-2020-29557

CRITICAL KEV

D-Link DIR-825 R1 <3.0.1 - RCE

Title source: llm

Description

An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.

References (3)

[Broken Link, Exploit, Third Party Advisory] https://shaqed.github.io/dlink/

[Product] https://www.dlink.ru/ru/download2/5/19/2354/441/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-29557

Scores

CVSS v3 9.8

EPSS 0.9103

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-06-01

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2020-21920

CWE

CWE-119

Status published

Products (1)

dlink/dir-825_r1_firmware < 3.0.1

Published Jan 29, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026