—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

CURRENT ACTIVITIES 

Threat Actors exploiting Buffer Overflow Vulnerability in D-Link routers 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

It has been reported that the threat actors are exploiting Buffer Overflow Vulnerability (CVE-2022-37055)  in D-Link routers. 

Software Affected 

• D-Link Go-RT-AC750 Versions – GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02

Description 

This vulnerability exists due to improper memory management in D-Link routers. An attacker could exploit this vulnerability to execute arbitrary code with device-level privileges, which result in complete control over network traffic, system integrity, and the confidentiality of data on the affected system. 

Note: This vulnerability (CVE-2022-37055) is being exploited in the wild. Users are strongly advised to apply the latest patches immediately. 

Solution 

Apply appropriate updates as mentioned by the vendor: 

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308 

It is also recommended to retire and replace D-Link devices that have reached End-of-Life / End-of-Service. 

Vendor Information 

D-Link 

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10482 

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308 

References 

CyberSecurityNews 

https://cybersecuritynews.com/cisa-d-link-routers-vulnerability/ 

RedPacket Security 

https://www.redpacketsecurity.com/cve-alert-cve-2022-37055-n-a-n-a/ 

CVE Name 

CVE-2022-37055 

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmk60HwACgkQ3jCgcSdc

ys/xJg//S6e67qgJwHwG3ZGZM+d7Ab8UVuaZWZw4wUhhJzhZNf42vG+0RBos0LEN

CfHvTMJAi9/nXEhipce4OPmp2zkiDAEkrB3qcvVw/E3NkadWGD54+vlf0dAKbdvZ

P4rZb4Z1ee1UocPkpm32HA3UQlighwZoDnS87GwW8lkWEkF7jmHG+eN5QC9Gd9Fm

+N0Iz4oSoDoddctGIk1wTllkWn1ZkgtMroGSmohcS3he5IRv3Nrwuh+9/QjRfgl5

p0/NBi6s5MUhGyOqCM1Lzmo0N1VvF420yzaJWy3beHqA6MgR/A0qQi1E20W4unc5

KMkKs4+68oe2aG6c6A5jMTswby2EK99G9nmJfRN6jKSfteDcd6mgZzofa+kdB+bg

bTikeM0iaEyjKuxfhfOc43Yn1Cxi6I61hPOh3V/xqoUfKbxU1zHSONcna6dywUWl

zBlV0u7Pqti4P/7fXrIPSY8XKHrpd6lYiKv1sy9eKdWR5SQMstm8fRp82te6VGX6

KAwXT06gGTES4zQmfm0y5ar3mHvrnwxAaq5Wfbh7l/3X/ahEi0I6wLKHeQYQ2rul

uVEuoPRt2KR/NUspRt7F99Pl5T+gMgmFDZa7y8chQGecd7IjofsH2V8Z8ZuFRsKl

Vafpe3168UWFOCSRr4OvWFIIjvLzGSSrjHO+a6j7W6Qdn1xgVvU=

=flrG

—–END PGP SIGNATURE—–