CVE-2024-27683 - Vulnerability Details - OpenCVE

D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Go-rt-ac750 Go-rt-ac750 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:go-rt-ac750_firmware:101b03:*:*:*:*:*:*:*

cpe:2.3:h:dlink:go-rt-ac750:a1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view
https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b
https://www.dlink.com/en/security-bulletin/

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00282}`	epss `{'score': 0.00384}`

Tue, 17 Jun 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink go-rt-ac750 Dlink go-rt-ac750 Firmware
CPEs		cpe:2.3:h:dlink:go-rt-ac750:a1:::::::* cpe:2.3:o:dlink:go-rt-ac750_firmware:101b03:::::::*
Vendors & Products		Dlink Dlink go-rt-ac750 Dlink go-rt-ac750 Firmware

Wed, 14 Aug 2024 20:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-121
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-21T00:00:00

Updated: 2024-08-14T19:07:30.354Z

Reserved: 2024-02-26T00:00:00

Link: CVE-2024-27683

Vulnrichment

Updated: 2024-08-02T00:34:52.538Z

NVD

Status : Analyzed

Published: 2024-04-11T01:25:05.340

Modified: 2025-06-17T20:55:49.377

Link: CVE-2024-27683

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-27683", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-14T19:07:30.354Z", "dateReserved": "2024-02-26T00:00:00", "datePublished": "2024-03-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-21T11:32:39.559169"}, "descriptions": [{"lang": "en", "value": "D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view"}, {"url": "https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.538Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["x_transferred"]}, {"url": "https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "affected": [{"vendor": "dlink", "product": "go-rt-ac750_firmware", "cpes": ["cpe:2.3:o:dlink:go-rt-ac750_firmware:101b03:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "101b03", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T19:03:53.243547Z", "id": "CVE-2024-27683", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T19:07:30.354Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["x_transferred"]}, {"url": "https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.538Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27683", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-14T19:03:53.243547Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:dlink:go-rt-ac750_firmware:101b03:*:*:*:*:*:*:*"], "vendor": "dlink", "product": "go-rt-ac750_firmware", "versions": [{"status": "affected", "version": "101b03"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T19:07:20.934Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view"}, {"url": "https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b"}], "descriptions": [{"lang": "en", "value": "D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-21T11:32:39.559169"}}}, "cveMetadata": {"cveId": "CVE-2024-27683", "state": "PUBLISHED", "dateUpdated": "2024-08-14T19:07:30.354Z", "dateReserved": "2024-02-26T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-21T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:go-rt-ac750_firmware:101b03:*:*:*:*:*:*:*", "matchCriteriaId": "11857770-E809-483A-993F-1C827428B334", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:go-rt-ac750:a1:*:*:*:*:*:*:*", "matchCriteriaId": "FD359363-0BD0-49DF-99B3-1F6A2CED8378", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify."}, {"lang": "es", "value": "D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s de la funci\u00f3n hnap_main. Un atacante puede enviar una solicitud POST para activar la vulnerabilidad."}], "id": "CVE-2024-27683", "lastModified": "2025-06-17T20:55:49.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-11T01:25:05.340", "references": [{"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.dlink.com/en/security-bulletin/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}