CVE-2022-37055
Published: 28 August 2022
Summary
CVE-2022-37055 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Dlink Go-Rt-Ac750 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
D-Link Go-RT-AC750 routers running firmware GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 contain a buffer overflow vulnerability (CWE-120) reachable through the cgibin hnap_main component. The flaw carries a CVSS 3.1 base score of 9.8 and permits unauthenticated network access that can result in full confidentiality, integrity, and availability impact.
An attacker with network adjacency to an affected device can send crafted requests to the HNAP endpoint without credentials or user interaction, enabling arbitrary code execution or device takeover. The published EPSS score of 0.8048 (peak 0.8291) indicates sustained exploitation interest since disclosure.
D-Link has issued security publication SAP10308 and corresponding bulletins at supportannouncement.us.dlink.com and www.dlink.com/en/security-bulletin/ that address the affected firmware versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-39709
Vulnerability details
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,
- CWE(s)
- KEV Date Added
- 08 December 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of all inputs to the hnap_main/cgibin interface, preventing the crafted requests that trigger the CWE-120 buffer overflow.
Applies memory-protection mechanisms (e.g., ASLR, non-executable stacks) that block successful exploitation of the overflow into arbitrary code execution.
Mandates prompt application of the vendor firmware updates referenced in SAP10308 that eliminate the vulnerable code path.