Stack Overflow Vulnerability in D-LINK Go-RT-AC750 Network Router
CVE-2024-22916

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Go-rt-ac750 Firmware
Vendor: CVE Published:; 16 January 2024

Summary

The D-LINK Go-RT-AC750 router version v101b03 contains a vulnerability within the cgibin module, specifically in the call to the sprintf function located in sub_40E700. This vulnerability allows for a stack overflow condition due to insufficient input validation, potentially leading to remote code execution or denial of service. Users are advised to patch their devices promptly and follow best security practices.

References

https://www.dlink.com/en/security-bulletin/

https://kee02p.github.io/2024/01/13/CVE-2024-22916/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Jan 11, 2024