Cyber Resilience

CVE-2020-25079

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCRCE

Published: 02 September 2020

Published
02 September 2020
Modified
07 November 2025
KEV Added
05 August 2025
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.4190 97.5th percentile
Risk Priority 63 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-25079 is a high-severity Command Injection (CWE-77) vulnerability in Dlink Dcs-4703E Firmware. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 2.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2020-25079 is an authenticated command injection vulnerability (CWE-77) affecting the cgi-bin/ddns_enc.cgi endpoint on D-Link DCS-2530L devices prior to firmware 1.06.01 Hotfix and DCS-2670L devices through firmware version 2.02. The flaw carries a CVSS 3.1 base score of 8.8, reflecting network attack vector, low attack complexity, and low privileges required.

An attacker who has already obtained valid credentials can send specially crafted requests to the affected CGI script, resulting in arbitrary command execution on the device. Successful exploitation grants the attacker full control over confidentiality, integrity, and availability of the camera without user interaction.

Vendor advisories referenced in the disclosure direct users to the D-Link support portal for the DCS-2530L hotfix and updated firmware for the DCS-2670L; the same announcements list the affected models and corresponding fixed versions. No public information on in-the-wild exploitation is provided in the available references.

EU & UK References

Vulnerability details

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.

CWE(s)
KEV Date Added
05 August 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink
dcs-4703e firmware
≤ 1.03.04
dlink
dcs-4705e firmware
≤ 1.03.02
dlink
dcs-4802e firmware
≤ 2.01.01
dlink
dcs-p703 firmware
all versions
dlink
dcs-4603 firmware
≤ 1.04.02
dlink
dcs-4622 firmware
≤ 2.01.10
dlink
dcs-4701e firmware
≤ 2.03.01
dlink
dcs-2530l firmware
≤ 1.05.05
dlink
dcs-2670l firmware
≤ 2.03.00

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandatory validation and sanitization of all CGI input parameters would directly block the command-injection payload sent to ddns_enc.cgi.

prevent

Applying the vendor hotfix (1.06.01+) or updated firmware (2.02+) eliminates the vulnerable code path in the affected D-Link devices.

prevent

Restricting the web-server process and authenticated accounts to the minimum privileges needed for DDNS configuration would limit the scope of commands that can be executed after injection.

References