CVE-2022-36523

Vulnerability

The D-Link Go-RT-AC750 routers running firmware versions GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 contain a command injection vulnerability in the /htdocs/upnpinc/gena.php script. The vulnerability allows an attacker to inject arbitrary commands through crafted HTTP requests to this endpoint.

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable gena.php endpoint without requiring authentication. The attacker only needs network access to the device. The exact request structure is not publicly detailed, but command injection flaws typically involve inserting shell metacharacters into parameters processed by the script.

Impact

Successful exploitation permits an attacker to execute arbitrary commands on the affected device with root privileges. This can lead to full compromise of the router, including unauthorized access to network traffic, modification of device settings, and potential lateral movement within the network.

Mitigation

As of publication, no official firmware update has been released to address this vulnerability. The device may be approaching end-of-life (EOL) status; D-Link's security bulletin [1] should be monitored for any future patches. Users are advised to restrict network access to the router's administrative interface and consider replacing the device if it is no longer supported.