CVE-2016-20017
CRITICAL · KEV
D-Link DSL-2750B <1.05 - Command Injection
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · hardware
https://www.exploit-db.com/exploits/44760
metasploit
WORKING POC
GREAT
by p@ql · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_dsl2750b_exec_noauth.rb
References (4)
Scores
CVSS v3
9.8
EPSS
0.9209
EPSS Percentile
99.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2024-01-08
VulnCheck KEV
2018-06-15
InTheWild.io
2017-01-01
ENISA EUVD
EUVD-2016-3105
CWE
CWE-77
Status
published
Products (1)
dlink/dsl-2750b_firmware
< 1.05
Published
Oct 19, 2022
KEV Added
Jan 08, 2024
Tracked Since
Feb 18, 2026