CVE-2022-37055 - Vulnerability Details

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Dec. 8, 2025.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Dlink	Go-rt-ac750 Go-rt-ac750 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:go-rt-ac750_firmware:2.00b02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:go-rt-ac750:revision_b:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dlink:go-rt-ac750_firmware:1.01b03:*:*:*:*:*:*:*

cpe:2.3:h:dlink:go-rt-ac750:revision_a:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drive.google.com/file/d/1hmIk0jQoex4QDyjIUg_6yxi-J6ROCh8S/view?usp=sharing
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-37055
https://www.dlink.com/en/security-bulletin/
https://www.fortiguard.com/outbreak-alert/d-link-multiple-devices-attack

History

Tue, 09 Dec 2025 19:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:h:dlink:go-rt-ac750:-:::::::*	cpe:2.3:h:dlink:go-rt-ac750:revision_a:::::::* cpe:2.3:h:dlink:go-rt-ac750:revision_b:::::::*

Tue, 09 Dec 2025 19:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:dlink:go-rt-ac750_firmware:reva_1.01b03:::::::* cpe:2.3:o:dlink:go-rt-ac750_firmware:revb_2.00b02:::::::*	cpe:2.3:o:dlink:go-rt-ac750_firmware:1.01b03:::::::* cpe:2.3:o:dlink:go-rt-ac750_firmware:2.00b02:::::::*

Mon, 08 Dec 2025 19:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-37055 https://www.fortiguard.com/outbreak-alert/d-link-multiple-devices-attack
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 08 Dec 2025 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-12-08T00:00:00+00:00', 'dueDate': '2025-12-29T00:00:00+00:00'}`

Mon, 06 Jan 2025 15:00:00 +0000

Type	Values Removed	Values Added
References		https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-28T16:05:21.000Z

Updated: 2025-12-09T04:55:55.687Z

Reserved: 2022-08-01T00:00:00.000Z

Link: CVE-2022-37055

Vulnrichment

Updated: 2024-08-03T10:21:32.589Z

NVD

Status : Analyzed

Published: 2022-08-28T17:15:08.363

Modified: 2025-12-09T19:15:22.987

Link: CVE-2022-37055

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object