Hardcoded Password in D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 Allows Remote Attackers to Obtain Root Access
CVE-2024-22853

9.8CRITICAL

Key Information:

Vendor: D-LINK
Status: Go-rt-ac750 Firmware
Vendor: CVE Published:; 6 February 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 router contains a hardcoded password for the Alphanetworks account. This security flaw enables remote attackers to gain unauthorized root access through a telnet session, potentially compromising the device and the network it operates within. Network administrators should be aware of this vulnerability and take necessary precautions to secure their systems against potential exploitation.

News Articles

prophaze.com

CVE-2024-22853

CVE-2024-22853 : D-LINK GO-RT-AC750 101B03 HARD-CODED PASSWORD - Cloud WAF

CVE-2024-22853 : D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/2/2.md

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jun 29, 2024
👾
Exploit known to exist
Jun 29, 2024
📰
First article discovered by prophaze.com
Feb 6, 2024
Vulnerability published
Feb 6, 2024
Vulnerability Reserved
Jan 11, 2024

Key Information:

Badges

Summary

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

CVE-2024-22853 : D-LINK GO-RT-AC750 101B03 HARD-CODED PASSWORD - Cloud WAF

References

CVSS V3.1

Timeline