CVE-2020-25078

HIGH - CVSS 7.5NVD-CWE-noinfo

Published: 9/2/2020

Modified: 11/7/2025

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.

Vulnerability Summary

CVSS v3 Score

7.5HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2 Score

AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE Classification

NVD-CWE-noinfo