Stack-based buffer overflow vulnerability in D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 allows attackers to enable telnet service via specially crafted payload
CVE-2024-22852

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Go-rt-ac750 Firmware
Vendor: CVE Published:; 6 February 2024

What is CVE-2024-22852?

The D-Link Go-RT-AC750 router, specifically version GORTAC750_A1_FW_v101b03, is vulnerable to a stack-based buffer overflow due to improper handling of input in the genacgi_main function. This security flaw can allow unauthenticated remote attackers to execute arbitrary code, potentially enabling the telnet service via a specially crafted payload. Users are recommended to apply the necessary security updates to mitigate exploitation risks and enhance their network security.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/1/1.md

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2024
Vulnerability Reserved
Jan 11, 2024