CVE-2017-16934

CRITICAL

dbltek web_server - Authenticated OS Command Injection via change_password.csp passwd Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16934. PoCs published by SecuriTeam.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated remote command execution vulnerability in DblTek webserver by combining a local file inclusion to leak admin credentials and a command injection in the password change functionality.

Description

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.

Exploits (1)

exploitdb WORKING POC

by SecuriTeam · webappslinux

https://www.exploit-db.com/exploits/44051

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated remote command execution vulnerability in DblTek webserver by combining a local file inclusion to leak admin credentials and a command injection in the password change functionality.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: DblTek webserver (GoIP devices)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://blogs.securiteam.com/index.php/archives/3437

Scores

CVSS v3 9.8

EPSS 0.1346

EPSS Percentile 95.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

dbltek/web_server

Published Nov 24, 2017

Tracked Since Feb 18, 2026