CVE-2012-6614

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
dlinkdsr-250n_firmware
𝑥
< 1.08b31
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
http://www.exploit-db.com/exploits/22930/
https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html
ftp://ftp2.dlink.com/PRODUCTS/DSR-250N/REVA/DSR-SERIES_RELEASE_NOTES_v3.14.pdf
http://www.exploit-db.com/exploits/22930/
https://packetstormsecurity.com/files/118355/D-Link-DSR-250N-Backdoor.html