Command Injection Vulnerability in D-Link Go-RT-AC750 Router
CVE-2023-26822

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Go-rt-ac750 Firmware
Vendor: CVE Published:; 1 April 2023

Summary

The D-Link Go-RT-AC750 router has been found to be vulnerable to command injection through the service parameter in soapcgi.main. This allows attackers to execute arbitrary commands on the device, potentially compromising the integrity and security of the network. Users are advised to review security bulletins from D-Link and apply relevant firmware updates to mitigate this risk.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/yzskyt/Vuln/blob/main/Go-RT-AC750/Go-R...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2023
Vulnerability Reserved
Feb 27, 2023