← Voltar para CVEs
CVE-2016-20017
CRITICALCISA KEV9.8
Descricao
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/19/2022
Ultima modificacao11/5/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorD-Link
ProdutoDSL-2750B Devices
Nome da vulnerabilidadeD-Link DSL-2750B Devices Command Injection Vulnerability
Data inclusao KEV2024-01-08
Prazo de remediacao2024-01-29
Uso em ransomwareUnknown
Produtos afetados
dlink:dsl-2750bdlink:dsl-2750b_firmware
Fraquezas (CWE)
CWE-77CWE-77
Referencias
https://seclists.org/fulldisclosure/2016/Feb/53(cve@mitre.org)
https://www.exploit-db.com/exploits/44760(cve@mitre.org)
https://seclists.org/fulldisclosure/2016/Feb/53(af854a3a-2127-422b-91ae-364da2661108)
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10088(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44760(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-20017(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.