Command Injection Flaw in D-Link Go-RT-AC750 Router
CVE-2023-34800

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Go-rt-ac750 Firmware
Vendor: CVE Published:; 15 June 2023

Summary

The D-Link Go-RT-AC750 revA_v101b03 has been found vulnerable to a command injection issue through its service parameter at genacgi_main. This flaw could allow attackers to execute arbitrary commands on the device, potentially leading to unauthorized access and the manipulation of system functions. Users are strongly advised to follow vendor updates and apply necessary patches to safeguard their systems against potential exploits.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/Tyaoo/IoT-Vuls/blob/main/dlink/Go-RT-A...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2023
Vulnerability Reserved
Jun 7, 2023