
CVE-2020-25078

Severity: High | CISA KEV | Active Exploitation | EUVD Exploited

Published: 02 September 2020
Modified: 07 November 2025
KEV Added: 05 August 2025
Patch: available (D-Link hotfix, see Deeper analysis)
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9415 (99.9th percentile)
Risk Priority: 91 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2020-25078 is a high-severity vulnerability of unspecified weakness type (no CWE assigned) in D-Link DCS-4603 firmware. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2020-25078 affects D-Link DCS-2530L devices prior to firmware version 1.06.01 Hotfix and DCS-2670L devices through version 2.02. The vulnerability resides in the unauthenticated /config/getuser endpoint, which exposes administrator credentials without requiring any form of authentication or user interaction.

An attacker with network reachability to an affected device can issue a direct request to the endpoint and retrieve the administrator password in plaintext. This yields full administrative access with a CVSS 3.1 score of 7.5, driven by the network attack vector, low complexity, and high confidentiality impact.

D-Link security advisory SAP10180 directs users to apply the specified hotfix for DCS-2530L and to upgrade DCS-2670L firmware to a version beyond 2.02. The vendor also provides product-specific support pages listing the corrected releases.

No public evidence of in-the-wild exploitation is referenced in the available advisories or announcements.


Vulnerability details

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.

CWE(s): none listed
KEV Date Added: 05 August 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product                 Affected versions
dlink    dcs-4603 firmware       ≤ 1.04.02
dlink    dcs-4622 firmware       ≤ 2.01.10
dlink    dcs-4701e firmware      ≤ 2.03.01
dlink    dcs-4703e firmware      ≤ 1.03.04
dlink    dcs-4705e firmware      ≤ 1.03.02
dlink    dcs-4802e firmware      ≤ 2.01.01
dlink    dcs-p703 firmware       all versions
dlink    dcs-2530l firmware      ≤ 1.05.05
dlink    dcs-2670l firmware      ≤ 2.03.00

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement
prevent

Directly enforces authentication and authorization checks before any access to sensitive endpoints such as /config/getuser is granted.

IA-2 Identification and Authentication (Organizational Users)
prevent

Requires unique identification and authentication of users prior to allowing any interaction with device configuration functions.

AC-17 Remote Access (partial match)
prevent

Mandates that all remote access paths to the device implement authentication and access control, eliminating unauthenticated endpoints.
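The three controls above describe one design rule: authentication and authorization are enforced centrally, before any configuration handler runs, so an endpoint cannot be left unauthenticated by omission. The following is an added example written for this page; it is not D-Link firmware code or code from the advisory. It models a minimal request router in Python: a weak dispatcher that looks handlers up by path with no gate (the pattern behind an exposed /config/getuser), beside a hardened dispatcher that identifies the caller (IA-2) and enforces access to every /config/* route (AC-3, AC-17). The session store, token scheme, account names and response bodies are constructed for illustration.

```python
"""Added example: central authentication/authorization gate for
configuration endpoints. Only the path /config/getuser comes from the
advisory; everything else here is constructed for illustration."""
import hmac
from dataclasses import dataclass, field

# Constructed sample state: one valid session, one administrator account.
SESSIONS = {"valid-session-token": "admin"}
ADMIN_USERS = {"admin"}

# Every route under these prefixes must pass the gate in hardened_dispatch.
PROTECTED_PREFIXES = ("/config/",)


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str


def getuser_handler(req: Request) -> Response:
    # The real vulnerable endpoint returned the administrator password.
    # A configuration read-out should never include a stored secret, so
    # this constructed handler returns only non-secret account details.
    return Response(200, "name=admin role=administrator")


def status_handler(req: Request) -> Response:
    # Constructed public endpoint: no credentials or configuration data.
    return Response(200, "ok")


ROUTES = {"/config/getuser": getuser_handler, "/status": status_handler}


def weak_dispatch(req: Request, routes: dict) -> Response:
    # Weak pattern: handler lookup with no authentication check, so any
    # network-reachable client reaches the configuration handler.
    handler = routes.get(req.path)
    return handler(req) if handler else Response(404, "not found")


def authenticated_user(req: Request):
    # IA-2: identify the caller from a bearer session token (constructed
    # scheme). Constant-time comparison avoids leaking token contents
    # through timing differences.
    token = req.headers.get("Authorization", "").removeprefix("Bearer ").strip()
    for known, user in SESSIONS.items():
        if hmac.compare_digest(token, known):
            return user
    return None


def hardened_dispatch(req: Request, routes: dict) -> Response:
    # AC-3 / AC-17: the gate runs before any protected handler, so a new
    # /config/* route is protected by default rather than by remembering
    # to add a check inside each handler.
    if req.path.startswith(PROTECTED_PREFIXES):
        user = authenticated_user(req)
        if user is None:
            return Response(401, "authentication required")
        if user not in ADMIN_USERS:
            return Response(403, "forbidden")
    handler = routes.get(req.path)
    return handler(req) if handler else Response(404, "not found")


if __name__ == "__main__":
    anon = Request("/config/getuser")
    admin = Request("/config/getuser", {"Authorization": "Bearer valid-session-token"})
    print("weak, unauthenticated:    ", weak_dispatch(anon, ROUTES))
    print("hardened, unauthenticated:", hardened_dispatch(anon, ROUTES))
    print("hardened, authenticated:  ", hardened_dispatch(admin, ROUTES))
```

The point of the gate living in the dispatcher rather than in each handler is that the failure mode behind this CVE (a configuration endpoint reachable without credentials) becomes impossible to introduce by forgetting a check; a reviewer only has to verify the prefix list and the dispatcher, not every handler.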
