D-Link Routers Buffer Overflow Vulnerability (CVE-2022-37055)
D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2025-12-29 under CISA BOD 22-01.
This is a Classic Buffer Overflow (CWE-120) vulnerability in D-Link Routers. D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
Active exploitation documented in the wild. Threat-research write-up: https://drive.google.com/file/d/1hmIk0jQoex4QDyjIUg_6yxi-J6ROCh8S/view?usp=sharing
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.