Dlink Go-Rt-Ac750 Firmware vulnerabilities

15 known vulnerabilities affecting dlink/go-rt-ac750_firmware.

Total CVEs

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL12HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2024-27683CRITICALCVSS 9.8v101b032024-04-11

CVE-2024-27683 [CRITICAL] CWE-121 CVE-2024-27683: D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function h D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify.

nvd

CVE-2024-27684MEDIUMCVSS 6.1v101b032024-03-04

CVE-2024-27684 [MEDIUM] CWE-79 CVE-2024-27684: A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

nvd

CVE-2024-22853CRITICALCVSS 9.8v101b032024-02-06

CVE-2024-22853 [CRITICAL] CWE-798 CVE-2024-22853: D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, w D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.

nvd

CVE-2024-22852CRITICALCVSS 9.8v101b032024-02-06

CVE-2024-22852 [CRITICAL] CWE-787 CVE-2024-22852: D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function g D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.

nvd

CVE-2024-22916CRITICALCVSS 9.8v101b032024-01-16

CVE-2024-22916 [CRITICAL] CWE-787 CVE-2024-22916: In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.

nvd

CVE-2023-48842CRITICALCVSS 9.8v101b032023-12-01

CVE-2023-48842 [CRITICAL] CWE-77 CVE-2023-48842: D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.

nvd

CVE-2023-34800CRITICALCVSS 9.8vreva_1.01b032023-06-15

CVE-2023-34800 [CRITICAL] CWE-78 CVE-2023-34800: D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.

nvd

CVE-2023-26822CRITICALCVSS 9.8vreva_v101b032023-04-01

CVE-2023-26822 [CRITICAL] CWE-77 CVE-2023-26822: D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main.

nvd

CVE-2022-37056CRITICALCVSS 9.8v2.00b02v1.01b032022-08-28

CVE-2022-37056 [CRITICAL] CWE-78 CVE-2022-37056: D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command In D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main,

nvd

CVE-2022-37055CRITICALCVSS 9.8KEVv2.00b02v1.01b032022-08-28

CVE-2022-37055 [CRITICAL] CWE-120 CVE-2022-37055: D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Ov D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

nvd

CVE-2022-37057CRITICALCVSS 9.8v2.00b02v1.01b032022-08-28

CVE-2022-37057 [CRITICAL] CWE-78 CVE-2022-37057: D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command I D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main.

nvd

CVE-2022-36523CRITICALCVSS 9.8v101b03v200b022022-08-15

CVE-2022-36523 [CRITICAL] CWE-77 CVE-2022-36523: D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command inje D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php.

nvd

CVE-2022-36525CRITICALCVSS 9.8v101b03v200b022022-08-15

CVE-2022-36525 [CRITICAL] CWE-120 CVE-2022-36525: D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overf D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main.

nvd

CVE-2022-36524HIGHCVSS 7.5v101b03v200b022022-08-15

CVE-2022-36524 [HIGH] CWE-287 CVE-2022-36524: D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Defau D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh.

nvd

CVE-2022-36526HIGHCVSS 7.5v101b03v200b022022-08-15

CVE-2022-36526 [HIGH] CVE-2022-36526: D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authenticati D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin.

nvd