CVE-2022-37057
Description
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection vulnerability in D-Link Go-RT-AC750 router's cgibin/ssdpcgi_main allows unauthenticated remote attackers to execute arbitrary commands.
Vulnerability
A command injection vulnerability exists in the cgibin binary of the D-Link Go-RT-AC750 router, specifically in the ssdpcgi_main function. Affected firmware versions are GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 [1]. The vulnerability can be triggered without authentication by sending a crafted request to the SSDP CGI endpoint.
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the cgibin interface. No prior authentication is required, and the attack can be performed remotely over the network. The malicious payload is injected into a parameter that is passed to a system command, resulting in command execution.
Impact
Successful exploitation allows the attacker to execute arbitrary operating system commands with root privileges. This can lead to full compromise of the device, including data exfiltration, installation of malware, or use in botnets.
Mitigation
D-Link has confirmed that the Go-RT-AC750 model has reached End of Life (EOL) and End of Service (EOS) as of February 29, 2020. No firmware patch is available [1]. The only recommended mitigation is to retire and replace the device with a supported model.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- D-Link/Go-RT-AC750description
- Range: = v101b03 (revA) and = FWv200b02 (revB)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.