CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2016-20017 – D-Link DSL-2750B Devices Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. Los dispositivos D-Link DSL-2750B versiones anteriores a 1.05, permiten una inyección remota de comandos no autenticados por medio del parámetro cli login.cgi, como ha sido explotado "in the wild" en 2016 hasta 2022 D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter. • https://seclists.org/fulldisclosure/2016/Feb/53 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10088 https://www.exploit-db.com/exploits/44760 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •