πŸ”΄ CVE-2022-37055

Critical buffer overflow vulnerability in D-Link GO-RT-AC750 wireless routers affecting cgibin and hnap_main components. This vulnerability is actively exploited in the wild and listed in CISA KEV, allowing unauthenticated remote code execution.

← Back to Overview
HIGH_RISK
Risk Level
9.8
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 β€” Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
No
Ransomware

πŸ“‹ Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2022-08-28

Added to CISA KEV: 2025-12-08 1198 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2022-37055 is a critical buffer overflow vulnerability affecting specific D-Link router models, which has been confirmed as being actively exploited in the wild [4]?pageid=PUBADV01&CACODE=CICA-2025-3469?kagi_q=CVE-2022-37055+details+exploitation+threat+actors+impact+patch+status.

Overview and Impact
  • Vulnerability Type: Buffer overflow due to improper memory management in the `hnap_main` component of the affected D-Link routers [2]?pageid=PUBADV01&CACODE=CICA-2025-3469?kagi_q=CVE-2022-37055+details+exploitation+threat+actors+impact+patch+status.
  • Impact: Successful exploitation allows an attacker to execute arbitrary code with device-level privileges?pageid=PUBADV01&CACODE=CICA-2025-3469?kagi_q=CVE-2022-37055+details+exploitation+threat+actors+impact+patch+status. This grants the attacker complete control over the device, enabling them to manipulate network traffic, compromise system integrity, and access sensitive data passing through the router?pageid=PUBADV01&CACODE=CICA-2025-3469?kagi_q=CVE-2022-37055+details+exploitation+threat+actors+impact+patch+status.
Exploitation Details
  • Attack Method: The vulnerability is remotely exploitable [2].
  • Requirements: It does not require authentication or user interaction to exploit, making it highly dangerous for public-facing devices [2].
  • Active Exploitation: CISA officially added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on December 8, 2025, confirming active exploitation in the wild [3] [4]?pageid=PUBADV01&CACODE=CICA-2025-3469?kagi_q=CVE-2022-37055+details+exploitation+threat+actors+impact+patch+status.
Affected Products and Mitigation
  • Affected Versions: The vulnerability specifically affects the D-Link GO-RT-AC750 router, including the following firmware versions:
* `GORTAC750_revA_v101b03` * `GO-RT-AC750_revB_FWv200b02`
  • Status: Users are strongly advised to apply the latest available patches from D-Link immediately to mitigate the risk of compromise?pageid=PUBADV01&CACODE=CICA-2025-3469?kagi_q=CVE-2022-37055+details+exploitation+threat+actors+impact+patch+status.
While the vulnerability is being exploited by threat actors, specific details regarding the identity of the groups or the use of the vulnerability in broader ransomware campaigns are not publicly detailed in the available reports. Users should prioritize checking the official D-Link support resources for the most recent firmware updates for their specific hardware revision [1].

Sources

  1. CVE-2022-37055 Detail - NVD

    This CVE is in CISA's Known Exploited Vulnerabilities Catalog. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and ... Exploit Patch Third Party Advisory. https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308.Reference Type. CISA…

  2. CVE-2022-37055 - Exploits & Severity - Feedly

    Impact. An attacker can exploit this vulnerability to execute arbitrary code remotely without requiring authentication or user interaction. ... Threat Intelligence Report CVE-2022-37055 is a buffer overflow vulnerability found in D-Link devices, specifically affecting the Go-RT-AC750 model's hnap_ma…

  3. CISA Adds Two Known Exploited Vulnerabilities to Catalog

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2022-37055…

  4. CISA Alerts on D-Link Router Buffer Overflow Flaw Exploited in Active ...

    On December 8, 2025, the agency officially added the vulnerability, tracked as CVE-2022-37055, to its Known Exploited Vulnerabilities (KEV) catalog. This designation confirms that threat actors are currently exploiting this specific flaw in active cyberattacks, signaling a severe risk to networks th…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

πŸ“„ Download JSON Data | πŸ“‘ RSS Feed