Critical severity 9.8 · NVD Advisory · Published Nov 24, 2017 · Updated Jun 17, 2026
CVE-2017-16934
Description
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.
Affected products (2)
- cpe:2.3:a:dbltek:web_server:-:*:*:*:*:*:*:*
References (1)
- blogs.securiteam.com/index.php/archives/3437 (source: nvd; tags: Exploit, Third Party Advisory)