CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2016-20017

CVSS 9.8v3.1pub. 2022-10-19upd. 2025-11-05

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dsl 2750b

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsl 2750b Firmware

    OS
    Dlink
    < 1.05

CISA KEV — detailsi

Vendori
D-Link
Producti
DSL-2750B Devices
Added to KEVi
January 8, 2024
Remediation deadline (US Federal)i
January 29, 2024(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 29 stycznia 2024
CWE
References

Related vulnerabilities

CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam vendor

D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)

CVE-2023-25280CRITICAL9.8⚠ KEVten sam vendor

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to roo...

CVE-2022-37055CRITICAL9.8⚠ KEVten sam vendor

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...

CVE-2022-26258CRITICAL9.8⚠ KEVten sam vendor

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST t...

CVE-2021-45382CRITICAL9.8⚠ KEVten sam vendor

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW...