Vulnerability Details CVE-2012-6614
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 87.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
- ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
- http://www.exploit-db.com/exploits/22930/
- https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
- ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
- http://www.exploit-db.com/exploits/22930/
- https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
Products affected by CVE-2012-6614
-
cpe:2.3:h:dlink:dsr-250n:-
-
cpe:2.3:o:dlink:dsr-250n_firmware:-
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.01b46
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.01b56
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.05b20
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.05b53
-
cpe:2.3:o:dlink:dsr-250n_firmware:1.05b73_ww