CRITICAL🇵🇱 Wersja polska

CVE-2024-22852

CVSS 9.8v3.1pub. 2024-02-06upd. 2025-05-15

D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.

🤖 AI Analysis
How it works

The vulnerability occurs in the genacgi_main function, which does not properly validate the length of input data, leading to a stack-based buffer overflow. An attacker can send a specially crafted network payload that overwrites the stack area and manipulates the program's execution flow. As a result, it is possible to force the telnet service to run on the device, opening the door for further unauthorized access.

Impact

An attacker can activate the telnet service on the vulnerable device, leading to potential unauthorized access to the router's system shell. This results in a complete breach of the device's confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the manufacturer according to references (https://www.dlink.com/en/security-bulletin/). Until updates are applied, it is recommended to restrict access to the device's administrative interface only to trusted local networks and block access to the device from the Internet.

Who is affected

D-Link Go-RT-AC750, firmware version GORTAC750_A1_FW_v101b03

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Go Rt Ac750

    HW
    Dlink
    wszystkie wersje
  • Dlink Go Rt Ac750 Firmware

    OS
    Dlink
    101b03
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2022-37055CRITICAL9.8⚠ KEVten sam produkt

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...

CVE-2024-27683CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 via funkcja hnap_main

CVE-2024-22853CRITICAL9.8PL ✓ten sam produkt

D-Link Go-RT-AC750: hardcoded hasło umożliwia zdalny dostęp root przez telnet

CVE-2024-22916CRITICAL9.8PL ✓ten sam produkt

Stack overflow w D-LINK Go-RT-AC750 — funkcja sprintf w cgibin

CVE-2023-48842CRITICAL9.8PL ✓ten sam produkt

Command injection w D-Link Go-RT-AC750 via hedwig.cgi