CVE-2016-20017
D-Link DSL-2750B Devices Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
60.4%
p99
KEV
YES
Jan 8, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
D-Link / DSL-2750B Devices
Vulnerability
D-Link DSL-2750B Devices Command Injection Vulnerability
Added to KEV
Jan 8, 2024
Remediate by
Jan 29, 2024
Known ransomware use
No
Summary description
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10088; https://nvd.nist.gov/vuln/detail/CVE-2016-20017
No related CVEs by CWE or product.