The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2020-25078

CVE-2020-25078: D-Link DCS Information Disclosure Flaw

CVE-2020-25078 is an information disclosure vulnerability in D-Link DCS-2530L and DCS-2670L cameras that exposes administrator passwords via an unauthenticated endpoint. This article covers technical details, affected versions, and mitigation.

Published: March 4, 2026

CVE-2020-25078 Overview

CVE-2020-25078 is an information disclosure vulnerability affecting multiple D-Link DCS series IP cameras. The vulnerability exists in the /config/getuser endpoint, which fails to require authentication before returning sensitive user configuration data. An unauthenticated remote attacker can exploit this endpoint to retrieve administrator credentials in plaintext, leading to complete device compromise.

Critical Impact

This vulnerability allows unauthenticated remote attackers to obtain administrator passwords from affected D-Link cameras, enabling full device takeover and potential use in botnet operations. This vulnerability is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild.

Affected Products

  • D-Link DCS-2530L (firmware before 1.06.01 Hotfix)
  • D-Link DCS-2670L (firmware through 2.02)
  • D-Link DCS-4603
  • D-Link DCS-4622
  • D-Link DCS-4701E
  • D-Link DCS-4703E
  • D-Link DCS-4705E
  • D-Link DCS-4802E
  • D-Link DCS-P703

Discovery Timeline

  • 2020-09-02 - CVE-2020-25078 published to NVD
  • 2025-11-07 - Last updated in NVD database

Technical Details for CVE-2020-25078

Vulnerability Analysis

This vulnerability represents a critical authentication bypass in the web management interface of affected D-Link IP cameras. The /config/getuser endpoint is designed to retrieve user account information, including administrator credentials. However, the endpoint fails to implement proper authentication checks, allowing any network-accessible attacker to query this endpoint without providing valid credentials.

When exploited, the vulnerable endpoint returns the administrator username and password in cleartext. This information disclosure is particularly severe because it directly leads to full administrative access to the camera, enabling attackers to modify device settings, access live video feeds, pivot to other network resources, or enlist the device in IoT botnets.

The vulnerability is classified under CWE-NVD-CWE-noinfo, though it fundamentally represents broken access control and missing authentication for a critical function. The attack requires no user interaction and can be executed remotely over the network by any attacker who can reach the camera's web interface.

Root Cause

The root cause of CVE-2020-25078 is the absence of authentication enforcement on the /config/getuser endpoint within the camera's embedded web server. This represents a design flaw where a sensitive administrative endpoint was exposed without implementing the necessary access controls. The firmware developers failed to apply authentication middleware or session validation to this particular API route, despite it handling highly sensitive credential data.

Attack Vector

An attacker can exploit this vulnerability by sending a simple HTTP GET request to the /config/getuser endpoint on an affected D-Link camera. The attack is trivial to execute and requires no authentication, no valid session, and no user interaction.

The exploitation flow is straightforward:

  1. The attacker identifies a vulnerable D-Link DCS camera accessible over the network
  2. A direct HTTP request is sent to the /config/getuser endpoint
  3. The camera responds with administrator credentials in plaintext
  4. The attacker uses these credentials to gain full administrative control

Due to the simplicity of exploitation and the high value of the disclosed information, this vulnerability is highly attractive for IoT botnet operators and opportunistic attackers scanning for vulnerable devices.

Detection Methods for CVE-2020-25078

Indicators of Compromise

  • HTTP GET requests to /config/getuser endpoint from external or unauthorized IP addresses
  • Unusual administrative login activity following credential disclosure
  • Configuration changes made to the camera by unauthorized users
  • Network scanning activity targeting D-Link camera web interfaces on common ports (80, 443)

Detection Strategies

  • Monitor network traffic for HTTP requests containing /config/getuser in the URI path
  • Implement IDS/IPS rules to detect and alert on access attempts to the vulnerable endpoint
  • Review web server logs on D-Link cameras for requests to configuration endpoints
  • Deploy network monitoring to identify reconnaissance activity targeting IoT devices

Monitoring Recommendations

  • Segment IoT devices including IP cameras on isolated network VLANs to limit exposure
  • Configure firewall rules to restrict access to camera web interfaces from trusted management networks only
  • Enable logging on network devices to capture traffic to and from IoT endpoints
  • Implement anomaly detection for unusual credential usage or configuration changes on camera devices

How to Mitigate CVE-2020-25078

Immediate Actions Required

  • Apply the firmware hotfix released by D-Link for affected DCS camera models immediately
  • Restrict network access to camera management interfaces using firewall rules or VLANs
  • Change administrator passwords on all affected devices after patching
  • Audit camera configurations for unauthorized changes that may indicate prior compromise
  • Consider replacing end-of-life devices that will not receive firmware updates

Patch Information

D-Link has released firmware updates to address this vulnerability. For the DCS-2530L, update to firmware version 1.06.01 Hotfix or later. For other affected models, consult the D-Link Security Advisory SAP10180 for specific firmware versions and download links. Additional product support information is available from the D-Link Support Portal.

Workarounds

  • Isolate affected cameras from the internet and untrusted networks until patching is complete
  • Implement network-level access controls to restrict access to the camera's web interface to authorized management systems only
  • Deploy a reverse proxy or web application firewall in front of camera interfaces to block requests to the /config/getuser endpoint
  • Disable remote management features if not required for operations
  • Monitor for exploitation attempts using network intrusion detection systems

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeInformation Disclosure
  • Vendor/TechDlink
  • SeverityHIGH
  • CVSS Score7.5
  • EPSS Probability94.15%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CISA KEV Information
  • In CISA KEVYes
  • CWE References
  • NVD-CWE-noinfo
  • Technical References
  • Dogon Security Twitter Update
  • D-Link Product Information DCS-2530L
  • CISA Known Exploited Vulnerabilities CVE-2020-25078
  • Vendor Resources
  • D-Link Security Advisory SAP10180
  • Related CVEs
  • CVE-2026-2054: D-Link DIR-605L/619L Info Disclosure Flaw
  • CVE-2026-2055: D-Link DIR-605L/619L Info Disclosure Flaw
  • CVE-2025-45784: Dlink DPH-400SE Information Disclosure
  • CVE-2026-5215: D-Link DNR-202L Auth Bypass Vulnerability
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English