KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2016-20017

PUBLISHED

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in...

Exploited in the wild Remote Low complexity No user interaction
Vendor
D-Link
Product
DSL-2750B
Published
Oct 19, 2022
EPSS

Description

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.

cisa

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2024-01-08 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Jan 08, 2024

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel