CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jan 29, 2024

CVE-2016-20017

High

EPSS 93.4%CISA KEV

D-Link/DSL-2750B Devices

Description

D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.

EPSS — Exploit Probability

93.4%

Higher than 99.8% of all CVEs

Required Action

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10088; https://nvd.nist.gov/vuln/detail/CVE-2016-20017

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 93.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Jan 8, 2024

Added to KEV

Jan 8, 2024

Remediation Due

Jan 29, 2024

Affected Product

D-Link

DSL-2750B Devices

View all D-Link CVEs

External Links

NVD (NIST)CVE Details MITRE CVE