CVE-2016-20017
Description
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
In plain language
AI Act nowD-Link DSL-2750B routers running firmware older than 1.05 can be taken over remotely without a login, by abusing a request to a web login page; if you still use one, you should act now.
CVE-2016-20017 is an unauthenticated remote command injection in D-Link DSL-2750B via the login.cgi cli parameter; attackers can send a crafted network request to execute commands, and it’s been confirmed in the CISA KEV program with a required action date.
What to do now
- Check your D-Link DSL-2750B firmware version in the router’s admin interface (or the device label) and determine whether it is older than 1.05.
- If it is older than 1.05, upgrade the router firmware to 1.05 or newer.
- If you cannot update to 1.05+, discontinue use of the DSL-2750B and replace it with a supported model/firmware.
- After updating/replacing, verify the device is reachable only from trusted networks (not the public internet) and review any router/admin access logs for unusual requests.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.
View exploit detailsAttack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2016-20017 and every CVE in our database. Create a free account — no credit card required.
Create Free Account