CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2022-37055

CVSS 9.8v3.1pub. 2022-08-28upd. 2025-12-10

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Go Rt Ac750

    HW
    Dlink
    revision_arevision_b
  • Dlink Go Rt Ac750 Firmware

    OS
    Dlink
    1.01b032.00b02

CISA KEV — detailsi

Vendori
D-Link
Producti
Routers
Added to KEVi
December 8, 2025
Remediation deadline (US Federal)i
December 29, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 29 grudnia 2025
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-27683CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 via funkcja hnap_main

CVE-2024-22853CRITICAL9.8PL ✓ten sam produkt

D-Link Go-RT-AC750: hardcoded hasło umożliwia zdalny dostęp root przez telnet

CVE-2024-22852CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 — aktywacja usługi telnet

CVE-2024-22916CRITICAL9.8PL ✓ten sam produkt

Stack overflow w D-LINK Go-RT-AC750 — funkcja sprintf w cgibin

CVE-2023-48842CRITICAL9.8PL ✓ten sam produkt

Command injection w D-Link Go-RT-AC750 via hedwig.cgi