Attack information

Tag
CVE-2020-25078
Date
2025-12-10
Client IP
64.225.115.99
Client GEO
United States
Vendor
D-Link 
Product
DCS-2530L 
RAW request
GET /config/getuser?index=0 HTTP/1.0
User-Agent: Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/█████████ Safari/537.36
Host: blog.██████
X-Forwarded-For: █████████████
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Connection: close

Description

CVE-2020-25078 is a high-severity vulnerability in D-Link DCS-2530L and DCS-2670L wireless surveillance cameras. These devices are commonly used in both commercial and residential settings for security purposes, featuring 180-degree wide-angle views, Wi-Fi connectivity, motion detection, and high-quality video resolution. The vulnerability is in the /config/getuser endpoint, the path requested in the raw request above, which discloses the administrator password to remote attackers without any authentication. This can lead to unauthorized access to the device, enabling attackers to manipulate the camera settings, view live feeds, or use the device as a pivot point for further network attacks.

The vulnerability affects D-Link DCS-2530L devices running firmware versions up to 1.05.05 and DCS-2670L devices running firmware versions up to 2.02. The CVSS v3.1 base score for this vulnerability is 7.5, indicating a high severity level. The attack vector is network-based, with low attack complexity, no required privileges, and no user interaction needed. The confidentiality impact is high, while the integrity and availability impacts are none.

Given the high exploitability score of 3.9 and an impact score of 3.6, the vulnerability poses a significant risk. The Exploit Prediction Scoring System (EPSS) score is 82.53%, which places it in the 98th percentile and indicates a high probability of exploitation in the wild. The vulnerability was first published on September 2, 2020, and has been updated as recently as November 8, 2023.

Mitigations

To mitigate the risk posed by CVE-2020-25078, users should take the following steps:

  1. Update Firmware: Ensure that the firmware on D-Link DCS-2530L and DCS-2670L devices is updated to the latest versions. For DCS-2530L, update to version 1.06.01 Hotfix or later. For DCS-2670L, update to version 2.03 or later.
  2. Restrict Network Access: Limit access to the surveillance cameras to trusted networks only. Use network segmentation to isolate the cameras from the rest of the network.
  3. Use Strong Passwords: Change the default administrator password to a strong, unique password. Regularly update passwords and avoid using easily guessable passwords.
  4. Monitor Network Traffic: Implement network monitoring to detect any unusual activity or unauthorized access attempts to the cameras.
  5. Disable Unnecessary Services: Disable any services or features on the cameras that are not required for their operation.
  6. Regular Security Audits: Conduct regular security audits and vulnerability assessments to identify and address potential security issues.

By following these steps, users can significantly reduce the risk of exploitation and enhance the security of their surveillance systems.
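For the "Monitor Network Traffic" step, the following added example (not part of the original report) scans web access logs for requests to the /config/getuser endpoint. It assumes a reverse proxy or gateway in front of the cameras that writes Combined Log Format; the function names and the sample lines are constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Combined Log Format prefix: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
TARGET_PATH = "/config/getuser"  # endpoint named in the description above


def is_getuser_probe(target: str) -> bool:
    """True if the request target resolves to /config/getuser."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Decode percent-escapes and collapse '//' and '/./' before comparing,
    # so differently spelled forms of the same path still match.
    path = normpath("/" + unquote(path).lstrip("/")).lower()
    return path == TARGET_PATH


def scan(lines):
    """Return one finding per log line that requests the endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_getuser_probe(m["target"]):
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "target": m["target"],
            # Assumption: a 2xx answer means the endpoint was served, so the
            # administrator credentials should be treated as exposed.
            "severity": "possible-exposure" if 200 <= status < 300 else "probe",
        })
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [10/Dec/2025:04:12:01 +0000] "GET /config/getuser?index=0 HTTP/1.0" 404 162 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2025:04:12:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Dec/2025:05:40:13 +0000] "GET /config/%67etuser?index=0 HTTP/1.1" 200 48 "-" "-"',
    '203.0.113.21 - - [10/Dec/2025:06:00:00 +0000] "GET /config/getusers HTTP/1.1" 404 162 "-" "-"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["severity"], f["ip"], f["time"], f["target"])
```

A "possible-exposure" finding against a camera on unpatched firmware is a reason to rotate the administrator password after updating, not only to block the source address.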