CVE-2022-36524

Vulnerability

The D-Link GO-RT-AC750 router models GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 contain a static default credential vulnerability in the telnet service. The file /etc/init0.d/S80telnetd.sh stores hardcoded credentials that are not changed during initial setup, enabling unauthenticated remote access to the device's command shell.

Exploitation

An attacker with network access to the router's telnet port (typically TCP 23) can connect and log in using the default credentials stored in the script. No prior authentication or user interaction is required. The attacker simply initiates a telnet session and supplies the hardcoded username and password.

Impact

Successful exploitation grants the attacker a root-level shell on the device. This allows full control over the router, including the ability to modify configuration, intercept network traffic, launch further attacks on the local network, and persist access.

Mitigation

As of the publication date (2022-08-15), D-Link has not released a firmware update to address this vulnerability. The affected models may be end-of-life (EOL). Users should disable the telnet service if possible, restrict network access to the device, or replace the router with a supported model. Refer to the D-Link security bulletin [1] for general guidance.