CVE-2024-22916
Description
In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack overflow in sprintf in D-Link Go-RT-AC750 v101b03 cgibin allows unauthenticated remote command execution.
Vulnerability
A stack overflow vulnerability exists in the sub_40E700 function within the cgibin binary of D-Link Go-RT-AC750 firmware version v101b03. The issue occurs due to improper use of the sprintf function for string concatenation, leading to buffer overflow. The vulnerable code path is triggered via the genacgi_main function's SUBSCRIBE handler.
Exploitation
An attacker can exploit the vulnerability by sending a crafted HTTP request to the router's web interface. The stack overflow allows overwriting of memory, enabling arbitrary command execution. While the proof-of-concept (PoC) is not publicly disclosed, it demonstrates executing telnetd -l /bin/sh to gain shell access [2].
Impact
Successful exploitation grants an unauthenticated attacker arbitrary command execution with the privileges of the cgibin process, typically root. This results in full compromise of the device, including the ability to modify configuration, exfiltrate data, or launch further attacks.
Mitigation
As of the publication date (2024-01-16), D-Link has not released a firmware update to address this vulnerability. No workaround is available. Users should consider isolating the device from untrusted networks or replacing it with a supported model.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- D-LINK/Go-RT-AC750description
- Range: = v101b03
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.