PT-2023-3363 · D Link · D-Link Go-Rt-Ac750

CVE-2023-34800

·

Published

2023-06-15

·

Updated

2024-12-16

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions D-Link Go-RT-AC750 revA v101b03
Description The issue is related to a command injection vulnerability. It can be exploited via the service parameter at genacgi main, allowing a remote attacker to execute arbitrary commands. The vulnerability is associated with the failure to neutralize special elements in the router's firmware.
Recommendations For D-Link Go-RT-AC750 revA v101b03, as a temporary workaround, consider restricting access to the genacgi main endpoint to minimize the risk of exploitation. Avoid using the service parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2023-03519
CVE-2023-34800

Affected Products

D-Link Go-Rt-Ac750