CRITICAL🇵🇱 Wersja polska

CVE-2024-27683

CVSS 9.8v3.1pub. 2024-04-11upd. 2025-06-17

D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify.

🤖 AI Analysis
How it works

The vulnerability results from improper input handling in the hnap_main function, where lack of proper data length validation leads to a stack-based buffer overflow (CWE-121). An attacker can send a specially crafted POST request to the device's HNAP interface, causing stack memory areas to be overwritten. This can result in hijacking program execution flow control and executing arbitrary code.

Impact

An unauthenticated remote attacker can gain full control of the device, including the ability to read and modify configuration, intercept network traffic, and permanently compromise the router.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references (D-Link Security Bulletin: https://www.dlink.com/en/security-bulletin/). Until an update is applied, it is recommended to restrict access to the device's administrative interface to trusted networks only and disable remote management functionality.

Who is affected

D-Link Go-RT-AC750 with firmware version GORTAC750_A1_FW_v101b03

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Go Rt Ac750

    HW
    Dlink
    a1
  • Dlink Go Rt Ac750 Firmware

    OS
    Dlink
    101b03
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2022-37055CRITICAL9.8⚠ KEVten sam produkt

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...

CVE-2024-22852CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 — aktywacja usługi telnet

CVE-2024-22853CRITICAL9.8PL ✓ten sam produkt

D-Link Go-RT-AC750: hardcoded hasło umożliwia zdalny dostęp root przez telnet

CVE-2024-22916CRITICAL9.8PL ✓ten sam produkt

Stack overflow w D-LINK Go-RT-AC750 — funkcja sprintf w cgibin

CVE-2023-48842CRITICAL9.8PL ✓ten sam produkt

Command injection w D-Link Go-RT-AC750 via hedwig.cgi