CVE-2022-36523

Name of the Vulnerable Software and Affected Versions D-Link Go-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02

Description The issue concerns command injection via the "/htdocs/upnpinc/gena.php" API endpoint. This allows for potential malicious commands to be executed. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For D-Link Go-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02, consider restricting access to the "/htdocs/upnpinc/gena.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.