Authentication Bypass in D-Link GO-RT-AC750 Routers
CVE-2022-36526

7.5HIGH

Key Information:

Vendor

D-Link
Status
Go-rt-ac750 Firmware
Vendor
CVE Published:
15 August 2022

What is CVE-2022-36526?

The D-Link GO-RT-AC750 series routers, specifically the GO-RT-AC750_revA v101b03 and GO-RT-AC750_revB_FWv200b02 versions, are susceptible to an authentication bypass vulnerability. This flaw arises from the improper handling of input in the phpcgi_main function located in the cgibin directory, allowing unauthorized users to gain access without valid credentials. Such access could potentially lead to configurations being altered or sensitive data being exposed. It is crucial for users to ensure their devices are updated to mitigate this risk.

References

http://d-link.com
x_refsource_MISC
https://www.dlink.com/en/security-bulletin/
x_refsource_MISC
https://drive.google.com/file/d/1ji5Ph6c-qgp0lBvbY8BZJjeq...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.