CRITICAL🇵🇱 Wersja polska

CVE-2023-48842

CVSS 9.8v3.1pub. 2023-12-01upd. 2025-06-03

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.

🤖 AI Analysis
How it works

The vulnerability is located in a CGI script named hedwig.cgi, which processes HTTP requests without proper validation of the 'service' parameter. An attacker can place malicious system commands in this parameter, which will be executed by the device with the privileges of the process handling the request. The attack does not require authentication or user interaction, and can be executed remotely over the network.

Impact

An attacker can gain full control over the device by executing arbitrary system commands — leading to violations of confidentiality, integrity, and system availability. Possible consequences include device takeover, network configuration changes, and using the router as an entry point to the local network (lateral movement).

Mitigation & patch

Patches available from the manufacturer should be applied according to references. If an update is not available, it is recommended to restrict access to the device's administrative interface exclusively to trusted local networks and disable access to the management panel from the WAN network.

Who is affected

D-Link Go-RT-AC750 revA_v101b03 (firmware)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Go Rt Ac750

    HW
    Dlink
    revision_a
  • Dlink Go Rt Ac750 Firmware

    OS
    Dlink
    101b03
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2022-37055CRITICAL9.8⚠ KEVten sam produkt

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...

CVE-2024-27683CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 via funkcja hnap_main

CVE-2024-22853CRITICAL9.8PL ✓ten sam produkt

D-Link Go-RT-AC750: hardcoded hasło umożliwia zdalny dostęp root przez telnet

CVE-2024-22852CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 — aktywacja usługi telnet

CVE-2024-22916CRITICAL9.8PL ✓ten sam produkt

Stack overflow w D-LINK Go-RT-AC750 — funkcja sprintf w cgibin