CVE-2024-22853

Vulnerability

The D-Link Go-RT-AC750 router, running firmware version GORTAC750_A1_FW_v101b03, contains a hardcoded password for the built-in Alphanetworks account. This account is accessible via telnet without any additional authentication mechanism. The vulnerability is present in the telnet service configuration, where the credentials are embedded in the firmware binary and cannot be changed by the user.

Exploitation

An attacker with network access to the router's telnet service (typically exposed on port 23 if enabled) can connect and supply the hardcoded credentials for the Alphanetworks account. The telnet service does not require any prior authentication bypass or user interaction; the credentials are static and well-known. The attacker must know the target's IP address and have network connectivity to the router.

Impact

Successful exploitation allows the attacker to obtain a root shell on the device, achieving full system compromise. This gives the attacker complete control over the router's configuration, network traffic, and connected devices, leading to potential information disclosure, denial of service, or use of the device as a pivot point.

Mitigation

As of the publication date (2024-02-06), D-Link's security bulletin [1] does not provide a specific fix. The Go-RT-AC750 is likely an end-of-life (EOL) product; users should check the vendor's EOL policy and consider replacing the device with a supported model if no patch is released. Disabling telnet and restricting network access to the router's management interfaces may reduce exposure, but the hardcoded nature of the vulnerability cannot be remediated without a firmware update.