D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.
In the D-Link Go-RT-AC750 router firmware version GORTAC750_A1_FW_v101b03, there exists an Alphanetworks user account with a hardcoded password. An attacker can establish a telnet session with the device and log in using this predefined password without knowledge of any individual authentication credentials. Since this account has root privileges, the attacker immediately gains full control over the device's operating system.
A remote attacker, without authentication, gains root access to the device, enabling full control over the router — including network configuration modification, traffic interception, installation of malicious software, and use of the device as an entry point to the internal network.
Apply patches available from the manufacturer according to references (https://www.dlink.com/en/security-bulletin/). Until firmware is updated, it is recommended to disable the telnet service on the device and restrict access to the management interface exclusively to trusted IP addresses or local network only.
D-Link Go-RT-AC750 (GORTAC750_A1_FW_v101b03)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Go Rt Ac750
HWDlinkwszystkie wersjeDlink Go Rt Ac750 Firmware
OSDlink101b03
Related vulnerabilities
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...
Stack-based buffer overflow w D-Link Go-RT-AC750 via funkcja hnap_main
Stack-based buffer overflow w D-Link Go-RT-AC750 — aktywacja usługi telnet
Stack overflow w D-LINK Go-RT-AC750 — funkcja sprintf w cgibin
Command injection w D-Link Go-RT-AC750 via hedwig.cgi