{"id":"CVE-2020-25078","details":"An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The /config/getuser endpoint requires no authentication, allowing a remote attacker to retrieve the administrator password.","modified":"2026-03-14T10:22:16.758792Z","published":"2020-09-02T16:15:12.627Z","references":[{"type":"WEB","url":"https://support.dlink.com/productinfo.aspx?m=DCS-2530L"},{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-25078"},{"type":"ADVISORY","url":"https://twitter.com/Dogonsecurity/status/1273251236167516161"},{"type":"FIX","url":"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25078.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.04.02"}]},{"events":[{"introduced":"0"},{"fixed":"2.01.10"}]},{"events":[{"introduced":"0"},{"fixed":"2.03.01"}]},{"events":[{"introduced":"0"},{"fixed":"1.03.04"}]},{"events":[{"introduced":"0"},{"fixed":"1.03.02"}]},{"events":[{"introduced":"0"},{"fixed":"2.01.01"}]},{"events":[{"introduced":"0"},{"last_affected":"1.05.05"}]},{"events":[{"introduced":"0"},{"fixed":"2.03.00"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}