CVE-2020-25078

2025-10-02

144.172.105.25

united states 

D-Link 

DCS-2530L 

GET /config/getuser?index=0 HTTP/1.0
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
Host: ████████████
X-Forwarded-For: ██████████████
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Connection: close

CVE-2020-25078 is a critical vulnerability found in D-Link DCS-2530L and DCS-2670L wireless surveillance cameras. These devices are commonly used in both commercial and residential settings for security purposes, featuring 180-degree wide-angle views, Wi-Fi connectivity, motion detection, and high-quality video resolution. The vulnerability exists in the /config/getuser endpoint, which allows remote attackers to disclose the administrator password without any authentication. This can lead to unauthorized access to the device, enabling attackers to manipulate the camera settings, view live feeds, or use the device as a pivot point for further network attacks.
The vulnerability affects D-Link DCS-2530L devices running firmware versions up to 1.05.05 and DCS-2670L devices running firmware versions up to 2.02. The CVSS v3.1 base score for this vulnerability is 7.5, indicating a high severity level. The attack vector is network-based, with low attack complexity, no required privileges, and no user interaction needed. The confidentiality impact is high, while the integrity and availability impacts are none.
Given the high exploitability score of 3.9 and an impact score of 3.6, the vulnerability poses a significant risk. The Exploit Prediction Scoring System (EPSS) score is 82.53%, with a 98% percentile, indicating a high probability of exploitation in the wild. The vulnerability was first published on September 2, 2020, and has been updated as recently as November 8, 2023.

To mitigate the risk posed by CVE-2020-25078, users should take the following steps:

Update Firmware: Ensure that the firmware on D-Link DCS-2530L and DCS-2670L devices is updated to the latest versions. For DCS-2530L, update to version 1.06.01 Hotfix or later. For DCS-2670L, update to version 2.03 or later.
Restrict Network Access: Limit access to the surveillance cameras to trusted networks only. Use network segmentation to isolate the cameras from the rest of the network.
Use Strong Passwords: Change the default administrator password to a strong, unique password. Regularly update passwords and avoid using easily guessable passwords.
Monitor Network Traffic: Implement network monitoring to detect any unusual activity or unauthorized access attempts to the cameras.
Disable Unnecessary Services: Disable any services or features on the cameras that are not required for their operation.
Regular Security Audits: Conduct regular security audits and vulnerability assessments to identify and address potential security issues.

By following these steps, users can significantly reduce the risk of exploitation and enhance the security of their surveillance systems.