Dbltek

dbltek

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Web Server

web_server

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-16934 1Dbltek 1Web Server May 13, 2026 Nov 24, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Ba...Show more The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2017-16934

1Dbltek

1Web Server

May 13, 2026

Nov 24, 2017

N/A· v4

9.8 CRITICAL· v3

10.0 HIGH· v2

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.Show less