CVE-2022-37055

critical

Description

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

References

https://www.fortiguard.com/outbreak-alert/d-link-multiple-devices-attack

https://www.cisa.gov/news-events/alerts/2025/12/08/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://securityaffairs.com/185135/malware/new-mirai-variant-shadowv2-tests-iot-exploits-amid-aws-disruption.html

https://www.theregister.com/2025/11/26/miraibased_botnet_shadowv2/

https://www.bleepingcomputer.com/news/security/new-shadowv2-botnet-malware-used-aws-outage-as-a-test-opportunity/

https://www.dlink.com/en/security-bulletin/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-37055

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308

https://drive.google.com/file/d/1hmIk0jQoex4QDyjIUg_6yxi-J6ROCh8S/view?usp=sharing

Details

Source: Mitre, NVD

Published: 2022-08-28

Updated: 2025-12-09

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.70214