Remote Code Execution Vulnerability in D-Link DSR-250 Devices
CVE-2020-25758

8.8HIGH

Key Information:

Vendor: D-Link
Status: Dsr-150 Firmware
Vendor: CVE Published:; 15 December 2020

What is CVE-2020-25758?

A vulnerability exists in D-Link DSR-250 version 3.17 due to improper validation of configuration file checksums. This flaw enables a remote authenticated attacker to manipulate saved configurations by injecting arbitrary crontab entries. Once executed, these entries run with root privileges, potentially compromising the device and the network it is connected to. Immediate action is recommended to mitigate risks associated with this vulnerability.