D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.
The vulnerability occurs in the genacgi_main function, which does not properly validate the length of input data, leading to a stack-based buffer overflow. An attacker can send a specially crafted network payload that overwrites the stack area and manipulates the program's execution flow. As a result, it is possible to force the telnet service to run on the device, opening the door for further unauthorized access.
An attacker can activate the telnet service on the vulnerable device, leading to potential unauthorized access to the router's system shell. This results in a complete breach of the device's confidentiality, integrity, and availability.
Apply patches available from the manufacturer according to references (https://www.dlink.com/en/security-bulletin/). Until updates are applied, it is recommended to restrict access to the device's administrative interface only to trusted local networks and block access to the device from the Internet.
D-Link Go-RT-AC750, firmware version GORTAC750_A1_FW_v101b03
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Go Rt Ac750
HWDlinkwszystkie wersjeDlink Go Rt Ac750 Firmware
OSDlink101b03
Related vulnerabilities
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...
Stack-based buffer overflow w D-Link Go-RT-AC750 via funkcja hnap_main
D-Link Go-RT-AC750: hardcoded hasło umożliwia zdalny dostęp root przez telnet
Stack overflow w D-LINK Go-RT-AC750 — funkcja sprintf w cgibin
Command injection w D-Link Go-RT-AC750 via hedwig.cgi