Attackers exploit this vulnerability through the router’s web interface components, specifically “cgibin” and “hnap_main,” by submitting input that exceeds allocated buffer sizes, leading to memory corruption.
This classic CWE-120 buffer overflow enables remote unauthenticated code execution with high impact on confidentiality, integrity, and availability, as attackers overwrite adjacent memory to inject malicious payloads.
The CVSS v3.1 base score of 9.8 (Critical) reflects its ease of remote exploitation without privileges or user interaction (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A: H).
Affected models include D-Link Go-RT-AC750 firmware versions GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02, many of which reached end-of-life status without patches.
Threat actors craft oversized HTTP requests to trigger the overflow, potentially hijacking network traffic, stealing data, or using devices as botnet nodes.
Real-world attacks spiked recently, targeting unpatched home and enterprise routers.
| CVE Parameter | Details |
|---|---|
| CVE ID | CVE-2022-37055 |
| Vendor/Product | D-Link / Go-RT-AC750 Routers |
| CVSS Score | 9.8 (Critical) |
| CWE | CWE-120 (Buffer Overflow) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| KEV Add Date | 2025-12-08 |
| Due Date | 2025-12-29 |
| Ransomware Link | Unknown |
| Patch Status | EoL/EoS; No updates |
Urgent Mitigations
Organizations must scan networks for vulnerable D-Link routers and isolate them immediately, as no vendor firmware fixes exist for EoL models.
CISA urges discontinuation of affected products per BOD 22-01, prioritizing replacement with supported hardware.
Network defenders should deploy web application firewalls to block anomalous HTTP requests to CGI/HNAP endpoints and monitor for signs of exploitation, such as unusual traffic spikes.
Home users facing similar devices should power them off and upgrade to modern alternatives from vendors with active security support.
Enterprises that integrate these routers into supply chains risk lateral movement by attackers post-compromise.
Proactive vulnerability management using CISA’s KEV as a baseline prevents broader impacts from such persistent threats.
Regular firmware audits and segmentation limit exposure until complete replacement.
Follow us on Google News , LinkedIn and X to Get More Instant Updates, Set Cyberpress as a Preferred Source in Google.
![Pinterest](https://pinterest.com/pin/create/button/?url=https://thecybernews.com/cisa-warns-d-link-flaw/&media=https://i1.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4T9P3nJjQa8wO1Kf_KHgLfTsfRF7k7QfsQNL6Y1ADZzgMv1tM4uRD0qLGtU-v3KrGTZWsv7EnmeTbT4AqfF-rJMleNm2NZMPCg964oGVA3zXYdggJS5GHoAH2F2z0DT5LZiMS_NW4L47aCjI4FjLyP8ZHO1IvpS_KKIIITi6JIWf4TX3jiiIIIr9xID7a/s1600/CISA%20Warns%20D-Link%20Fl..._imresizer.webp?resize=1600,900&ssl=1&description=Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by submitting){kind=link}