P@Ql

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-2750B versions prior to 1.05 **Description** The issue allows remote unauthenticated command injection via the `login.cgi` `cli` parameter. This has been exploited in the wild from 2016 through 2022. The vulnerability is related to the lack of input sanitization on the management level, which can allow a remote attacker to execute arbitrary commands. **Recommendations** For versions prior to 1.05, update to version 1.05 or later to resolve the issue. As a temporary workaround, consider restricting access to the `login.cgi` endpoint until a patch is available. Avoid using the `cli` parameter in the `login.cgi` endpoint until the issue is resolved.