CVE-2022-37056

Name of the Vulnerable Software and Affected Versions D-Link GO-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02

Description The issue is related to the hnap main function of the D-Link GO-RT-AC750 router's firmware, which fails to neutralize special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary commands via the /cgi-bin endpoint and the hnap main function.

Recommendations For versions GORTAC750 revA v101b03 and GO-RT-AC750 revB FWv200b02, consider disabling access to the /cgi-bin endpoint as a temporary workaround until a patch is available. Restrict the use of the hnap main function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.