CVE-2016-20017

CRITICAL 9.8

⚠️ CISA KEV

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.

Vendor	n/a
Product	n/a
Published	Oct 19, 2022
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for n/a n/a

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2016-20017.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

supportannouncement.us.dlink.com: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10088 seclists.org: https://seclists.org/fulldisclosure/2016/Feb/53 exploit-db.com: https://www.exploit-db.com/exploits/44760 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-20017