What is CVE-2016-20017?

A critical command injection vulnerability exists in D-Link DSL-2750B devices, allowing remote unauthenticated access. Organizations must act swiftly to mitigate risks associated with this vulnerability.

What is the severity of CVE-2016-20017?

CVE-2016-20017 has a severity rating of CRITICAL with a CVSS base score of 9.8.

Is CVE-2016-20017 in CISA KEV?

Yes. CVE-2016-20017 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2016-20017 | Critical Vulnerability in D-Link DSL-2750B Devices

D-Link DSL-2750B devices prior to firmware version 1.05 are affected by a critical command injection vulnerability. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the affected devices via the login.cgi cli parameter. The exploitation of this vulnerability has been observed in the wild from 2016 through 2022, posing significant threats to network security. With a CVSS score of 9.8, the severity of this vulnerability necessitates immediate action from organizations to safeguard their infrastructure.

Given the critical nature of this vulnerability, the risk to organizations includes potential unauthorized access to sensitive information and the ability to manipulate device settings or other connected systems. Attackers may leverage this vulnerability to compromise network integrity and confidentiality. Organizations should prioritize patching immediately to mitigate these risks and protect their assets.

As this vulnerability has been assigned a CVSS score of 9.8, it is classified as critical, indicating that it is highly exploitable and has severe impacts. Organizations using D-Link DSL-2750B devices should take immediate action to address this vulnerability, especially given its long exposure window.

The urgency for defenders is high. Applying the recommended patches or updates provided by the vendor is essential. Organizations must ensure that they are operating on the latest firmware to protect against this vulnerability effectively.

Vulnerability Details

The vulnerability allows remote unauthenticated command injection via the login.cgi cli parameter. The affected devices include D-Link DSL-2750B units running firmware versions prior to 1.05. The vulnerability has a CVSS 3.1 score of 9.8, indicating critical severity.

The official CVE description states: "D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022." This clearly outlines the nature of the vulnerability and the potential attack vector.

The Common Weakness Enumeration (CWE) classification for this vulnerability is CWE-77, indicating a command injection issue. The vulnerability was published on October 19, 2022, and has been analyzed for its impact and exploitability.

Technical Analysis

The root cause of this vulnerability is the improper validation of user input in the login.cgi component of the D-Link DSL-2750B firmware. The attack vector is network-based, allowing attackers to exploit the vulnerability from anywhere with network access to the device. The attack complexity is low, requiring no special conditions or authorization.

The privilege required for exploitation is none, and user interaction is not needed. The impact on confidentiality, integrity, and availability is classified as high, meaning that successful exploitation can lead to significant disruptions and unauthorized access.

Risk & Impact Analysis

The real-world deployment risk associated with this vulnerability is substantial. Organizations utilizing D-Link DSL-2750B devices may face unauthorized access and manipulation of their network settings, which could lead to broader security breaches. The potential blast radius is significant, as attackers could leverage compromised devices to target additional systems within the same network.

Given the critical severity rating, organizations should address this vulnerability in their priority patch cycle. The urgency to remediate is heightened by the ongoing exploitation of this vulnerability, which has been acknowledged in the KEV catalog.

Furthermore, the EPSS score of 0.9209 places this vulnerability in the 99th percentile, suggesting a very high probability of exploitation in the wild. Organizations should consider this risk when assessing their security posture.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

D-Link DSL-2750B devices running all firmware versions prior to 1.05 are affected by this vulnerability. Organizations should verify their devices to ensure they are running the patched version to mitigate the risk associated with this vulnerability.

Mitigation & Remediation

D-Link has released a patch for the DSL-2750B devices to address this vulnerability. Organizations should apply the latest firmware update, version 1.05 or above, as per the vendor's instructions. If a patch is not available, organizations should consider discontinuing the use of the affected products to prevent potential exploitation.

For further details regarding the patch, organizations can refer to the official D-Link advisory at D-Link support page. Additionally, implementing network controls such as firewalls and monitoring can help detect potential exploitation attempts.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual command executions or unexpected changes to device configurations. Behavioral anomalies such as unauthorized access attempts should also be investigated. Network signatures may help in identifying malicious traffic targeting the affected devices.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to expose critical network infrastructure to unauthorized access and manipulation. This incident highlights the importance of maintaining updated firmware and security practices in network devices. Organizations should consider implementing a comprehensive vulnerability management program to regularly assess and remediate vulnerabilities in their systems.

In conclusion, organizations should prioritize the assessment and mitigation of vulnerabilities such as CVE-2016-20017 to enhance their security posture. Engaging in proactive security measures, including regular penetration testing, can further help in identifying and addressing similar weaknesses before they can be exploited.

Lastly, security teams should remain informed about the evolving threat landscape, ensuring they are prepared for emerging vulnerabilities and attack vectors. Continuous education and awareness training within the organization can foster a culture of security.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2016-20017: Critical Vulnerability in D-Link DSL-2750B Devices