🔴 CVE-2020-25079

Command injection vulnerability in D-Link IP cameras' web management interface allows authenticated attackers to execute arbitrary commands. These cameras are commonly deployed with internet-facing web interfaces for remote monitoring.

Risk Level: HIGH_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2020-09-02

Added to CISA KEV: 2025-08-05 (1798 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2020-25079 is a high-severity command injection vulnerability affecting specific D-Link network camera models [1] [3].

Vulnerability Overview
  • Affected Products: D-Link DCS-2530L (versions before 1.06.01 Hotfix) and D-Link DCS-2670L (versions through 2.02) [1] [4].
  • Impact: Successful exploitation allows an attacker to perform command injection, which can lead to full system compromise, unauthorized access, or loss of control over the affected device [2].
  • Exploitation Requirements:
    • Access: The attack can be initiated remotely [2].
    • Authentication: Exploitation requires the attacker to be authenticated to the device [1] [2].
    • Mechanism: The vulnerability exists within the `cgi-bin/ddns_enc.cgi` script, which fails to properly sanitize input, allowing for the injection of arbitrary commands [1] [2].

Exploitation and Threat Landscape
  • Active Exploitation: There is no widely publicized evidence of large-scale, automated exploitation in the wild or of a specific association with major ransomware campaigns. The CISA KEV listing dated 2025-08-05 (see Vulnerability Details) nevertheless records the CVE as known to be exploited. Because it is a command injection vulnerability in network-facing hardware, it remains a potential target for attackers seeking to gain initial access to networks or to incorporate devices into botnets.
  • Proof-of-Concept: As with many vulnerabilities of this nature in IoT devices, proof-of-concept code or exploit scripts are often available in security research databases and on platforms like GitHub, which can be leveraged by malicious actors.

Mitigation
  • Patch Status: Users should ensure their devices are updated to the latest firmware versions provided by D-Link. For the DCS-2530L, this means running at least version 1.06.01 Hotfix [1].
  • General Recommendations: If a patch is not available or the device is end-of-life, it is strongly recommended to isolate the device from the public internet (e.g., placing it behind a firewall or on a restricted VLAN) and ensure that default credentials are changed to prevent unauthorized authentication.

Sources

  1. CVE-2020-25079 Detail - NVD

    An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command ...

  2. CVE-2020-25079 D-Link DCS-2530L/DCS-2670L ddns_enc ...

    This vulnerability was named CVE-2020-25079 since 09/02/2020. The attack can be initiated remotely. The successful exploitation requires a single authentication ... A vulnerability classified as critical was found in D-Link DCS-2530L and DCS-2670L. This vulnerability affects unknown code of the file…

  3. CVE-2020-25079 | Dlink - Command Injection

    HIGH severity (CVSS 8.8). Details, affected products, CISA KEV status, exploits, and remediation guidance. Full vulnerability analysis. ... CVE-2020-25079 - Command Injection in Dlink.

  4. CVE-2020-25079 - D-Link DCS-2530L and... - SecAlerts

    First published: Wed Sep 02 2020 (Updated: 1 month ago). An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. CVE-2020-25079 is classified as a high severity vulnerability due to the potential…