CRITICAL🇵🇱 Wersja polska

CVE-2024-22853

CVSS 9.8v3.1pub. 2024-02-06upd. 2025-06-20

D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.

🤖 AI Analysis
How it works

In the D-Link Go-RT-AC750 router firmware version GORTAC750_A1_FW_v101b03, there exists an Alphanetworks user account with a hardcoded password. An attacker can establish a telnet session with the device and log in using this predefined password without knowledge of any individual authentication credentials. Since this account has root privileges, the attacker immediately gains full control over the device's operating system.

Impact

A remote attacker, without authentication, gains root access to the device, enabling full control over the router — including network configuration modification, traffic interception, installation of malicious software, and use of the device as an entry point to the internal network.

Mitigation & patch

Apply patches available from the manufacturer according to references (https://www.dlink.com/en/security-bulletin/). Until firmware is updated, it is recommended to disable the telnet service on the device and restrict access to the management interface exclusively to trusted IP addresses or local network only.

Who is affected

D-Link Go-RT-AC750 (GORTAC750_A1_FW_v101b03)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Go Rt Ac750

    HW
    Dlink
    wszystkie wersje
  • Dlink Go Rt Ac750 Firmware

    OS
    Dlink
    101b03
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-37055CRITICAL9.8⚠ KEVten sam produkt

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...

CVE-2024-27683CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 via funkcja hnap_main

CVE-2024-22852CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w D-Link Go-RT-AC750 — aktywacja usługi telnet

CVE-2024-22916CRITICAL9.8PL ✓ten sam produkt

Stack overflow w D-LINK Go-RT-AC750 — funkcja sprintf w cgibin

CVE-2023-48842CRITICAL9.8PL ✓ten sam produkt

Command injection w D-Link Go-RT-AC750 via hedwig.cgi