CVE-2020-25079
Published: 02 September 2020
Summary
CVE-2020-25079 is a high-severity Command Injection (CWE-77) vulnerability in D-Link DCS-4703E firmware. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 2.5% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2020-25079 is an authenticated command injection vulnerability (CWE-77) affecting the cgi-bin/ddns_enc.cgi endpoint on D-Link DCS-2530L devices prior to firmware 1.06.01 Hotfix and DCS-2670L devices through firmware version 2.02. The flaw carries a CVSS 3.1 base score of 8.8, reflecting network attack vector, low attack complexity, and low privileges required.
An attacker who has already obtained valid credentials can send specially crafted requests to the affected CGI script, resulting in arbitrary command execution on the device. Successful exploitation grants the attacker full control over confidentiality, integrity, and availability of the camera without user interaction.
Vendor advisories referenced in the disclosure direct users to the D-Link support portal for the DCS-2530L hotfix and updated firmware for the DCS-2670L; the same announcements list the affected models and corresponding fixed versions. No public information on in-the-wild exploitation is provided in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-17771
Vulnerability details
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.
- CWE(s): CWE-77
- KEV Date Added: 05 August 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Mandatory validation and sanitization of all CGI input parameters would directly block the command-injection payload sent to ddns_enc.cgi.
Applying the vendor hotfix for the DCS-2530L (1.06.01 Hotfix or later) or the updated firmware for the DCS-2670L (a release after 2.02) eliminates the vulnerable code path in the affected D-Link devices.
Restricting the web-server process and authenticated accounts to the minimum privileges needed for DDNS configuration would limit the scope of commands that can be executed after injection.
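The input-validation control described above, sketched as an added example. This is not D-Link firmware code: the `hostname` parameter, the helper path and the function names are hypothetical, chosen only to show an allow-list check combined with shell-free execution for a DDNS-style CGI handler.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Weak pattern (CWE-77), shown for contrast only:
 *   snprintf(cmd, sizeof cmd, "updater %s", hostname); system(cmd);
 * A shell parses the request value, so metacharacters become syntax. */

/* SI-10: allow-list check for a DNS hostname. Labels are 1-63 characters of
 * [A-Za-z0-9-], may not start or end with '-', and the total is <= 253. */
int valid_hostname(const char *s) {
    size_t len = strlen(s), label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0;
            label = 0;
        } else if (isalnum(c) || (c == '-' && label > 0)) {
            if (++label > 63) return 0;
        } else {
            return 0; /* anything outside the allow-list is rejected */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Passes the validated value as one argv element; no shell is involved.
 * Returns the helper's exit status, or -1 on rejection or failure. */
int run_ddns_update(const char *helper, const char *hostname) {
    if (!valid_hostname(hostname)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const args[] = { (char *)helper, (char *)hostname, NULL };
        execv(helper, args);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "cam1.example.org", "cam1 example", "-bad.example" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s %s\n", samples[i], valid_hostname(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

Validation and shell-free execution are independent layers: either one alone leaves the handler dependent on the other never regressing.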