CVE-2022-37055
CRITICAL KEVD-Link Go-RT-AC750 Firmware - Buffer Overflow via cgibin hnap_main
Title source: llmExploitation Summary
CVE-2022-37055 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 8, 2025.
Description
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,
References (5)
Core 5
Core References
Exploit, Patch, Third Party Advisory
https://drive.google.com/file/d/1hmIk0jQoex4QDyjIUg_6yxi-J6ROCh8S/view?usp=sharing
Vendor Advisory
https://www.dlink.com/en/security-bulletin/
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-37055
Third Party Advisory
https://www.fortiguard.com/outbreak-alert/d-link-multiple-devices-attack
Scores
CVSS v3
9.8
EPSS
0.8188
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2025-12-08
VulnCheck KEV
2024-05-24
ENISA EUVD
EUVD-2022-39709
CWE
CWE-120
Status
published
Products (2)
dlink/go-rt-ac750_firmware
2.00b02
dlink/go-rt-ac750_firmware
1.01b03
Published
Aug 28, 2022
KEV Added
Dec 08, 2025
Tracked Since
Feb 18, 2026