CVE-2022-37055
In short
The D-Link Go-RT-AC750 router has a critical flaw that allows attackers to overflow a memory buffer through the web interface, potentially taking complete control of the device without needing a password.
Technical detail
A buffer overflow vulnerability exists in the cgibin hnap_main handler affecting D-Link Go-RT-AC750 firmware versions revA_v101b03 and revB_FWv200b02. Remote unauthenticated attackers can exploit this via crafted HTTP requests to execute arbitrary code with device privileges, achieving complete system compromise.
Summary generated and translated by AI from the official description.
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
References
https://drive.google.com/file/d/1hmIk0jQoex4QDyjIUg_6yxi-J6ROCh8S/view?usp=sharing
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-37055
https://www.dlink.com/en/security-bulletin/
https://www.fortiguard.com/outbreak-alert/d-link-multiple-devices-attack