CRITICAL🇵🇱 Wersja polska

CVE-2024-22916

CVSS 9.8v3.1pub. 2024-01-16upd. 2024-11-21

In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.

🤖 AI Analysis
How it works

The sprintf function in the sub_40E700 procedure of the cgibin interface does not perform adequate verification of the size of data written to the stack. An attacker can provide specially crafted input data that exceeds the allocated stack buffer, overwriting adjacent memory areas. Due to the network vector (AV:N) and lack of authentication requirements (PR:N) and user interaction (UI:N), the exploit can be carried out remotely over the network.

Impact

Successful exploitation of the vulnerability may allow an attacker to gain full control of the device, including arbitrary code execution (RCE), reading and modifying configuration data, and permanently compromising the router's availability.

Mitigation & patch

Apply patches available from the manufacturer according to the references — detailed information about updates is published in the D-LINK security bulletin at https://www.dlink.com/en/security-bulletin/. Until updates are implemented, it is recommended to restrict access to the device management interface only to trusted IP addresses and disable remote access to the administrative panel.

Who is affected

D-LINK Go-RT-AC750 firmware version v101b03

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Go Rt Ac750

    HW
    Dlink
    wszystkie wersje
  • Dlink Go Rt Ac750 Firmware

    OS
    Dlink
    101b03
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-37055CRITICAL9.8⚠ KEVten sam produkt

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...

CVE-2024-27683CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 via funkcja hnap_main

CVE-2024-22852CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 — aktywacja usługi telnet

CVE-2024-22853CRITICAL9.8PL ✓ten sam produkt

D-Link Go-RT-AC750: hardcoded hasło umożliwia zdalny dostęp root przez telnet

CVE-2023-48842CRITICAL9.8PL ✓ten sam produkt

Command injection w D-Link Go-RT-AC750 via hedwig.cgi