CVE-2024-22852
https://notcve.org/view.php?id=CVE-2024-22852
D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload. D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contiene un desbordamiento de búfer en la región stack de la memoria a través de la función genacgi_main. Esta vulnerabilidad permite a los atacantes habilitar el servicio telnet a través de un payload especialmente manipulado. • https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/1/1.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVE-2024-22853
https://notcve.org/view.php?id=CVE-2024-22853
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 tiene una contraseña codificada para la cuenta Alphanetworks, que permite a atacantes remotos obtener acceso root a través de una sesión de telnet. • https://github.com/FaLLenSKiLL1/CVE-2024-22853 https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/2/2.md https://www.dlink.com/en/security-bulletin • CWE-798: Use of Hard-coded Credentials •
CVE-2024-22916
https://notcve.org/view.php?id=CVE-2024-22916
In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow. En D-LINK Go-RT-AC750 v101b03, la función sprintf en la función sub_40E700 dentro de cgibin es susceptible al desbordamiento de pila. • https://kee02p.github.io/2024/01/13/CVE-2024-22916 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVE-2023-48842
https://notcve.org/view.php?id=CVE-2023-48842
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. Se descubrió que D-Link Go-RT-AC750 revA_v101b03 contenía una vulnerabilidad de inyección de comandos a través del parámetro de servicio en hedwig.cgi. • https://github.com/creacitysec/CVE-2023-48842 https://drive.google.com/file/d/1y5om__f2SAhNmcPqDxC_SRTvJVAWwPcH/view?usp=drive_link • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-34800
https://notcve.org/view.php?id=CVE-2023-34800
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main. Se descubrió que D-Link Go-RT-AC750 revA_v101b03 contiene una vulnerabilidad de inyección de comandos a través del parámetro service en genacgi_main. • https://github.com/Tyaoo/IoT-Vuls/blob/main/dlink/Go-RT-AC750/vul.md https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •