CVE Tools

Description

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.

In plain language

AI Act now

D-Link DSL-2750B routers running firmware older than 1.05 can be taken over remotely without a login, by abusing a request to a web login page; if you still use one, you should act now.

Executive summary

CVE-2016-20017 is an unauthenticated remote command injection in D-Link DSL-2750B via the login.cgi cli parameter; attackers can send a crafted network request to execute commands, and it’s been confirmed in the CISA KEV program with a required action date.

If affected, business impact
Full router compromiseTraffic interception or redirectionComplete service disruptionMalware persistence on network

What to do now

  1. Check your D-Link DSL-2750B firmware version in the router’s admin interface (or the device label) and determine whether it is older than 1.05.
  2. If it is older than 1.05, upgrade the router firmware to 1.05 or newer.
  3. If you cannot update to 1.05+, discontinue use of the DSL-2750B and replace it with a supported model/firmware.
  4. After updating/replacing, verify the device is reachable only from trusted networks (not the public internet) and review any router/admin access logs for unusual requests.
Patch / advisory Usually a quick update

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

Affected Products

D-Link Corp.
commercial·TWaka dlink, d-link international, d-link corporation
and 1 more affected products View all →

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Jan 8, 2024
Remediation due:Jan 29, 2024

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available

Attack Graph

Products CVE Techniques Tactics

Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/ + scroll to zoom, or go fullscreen.

MITRE ATT&CK

1 technique
Execution
View detailed technique mapping

References

and 4 more references View all →
1

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2016-20017 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows