CVE-2024-22853 – This vulnerability allows remote attackers to g... (How to Fix)

Q: What is the severity of CVE-2024-22853?

CVE-2024-22853 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to gain root access to D-LINK Go-RT-AC750 routers via telnet using a hardcoded password for the Alphanetworks account. Anyone using the affected firmware version is vulnerable to complete system compromise. Attackers can take full control of the router without authentication.

📋 TL;DR

This vulnerability allows remote attackers to gain root access to D-LINK Go-RT-AC750 routers via telnet using a hardcoded password for the Alphanetworks account. Anyone using the affected firmware version is vulnerable to complete system compromise. Attackers can take full control of the router without authentication.

💻 Affected Systems

Products:

D-LINK Go-RT-AC750 GORTAC750_A1

Versions: Firmware version v101b03

Operating Systems: Router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default configuration with telnet service likely enabled. Other firmware versions may also be affected but not confirmed.

📦 What is this software?

Go Rt Ac750 Firmware by Dlink

View all CVEs affecting Go Rt Ac750 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router takeover allowing traffic interception, network pivoting, malware deployment, and persistent backdoor installation across the entire network.

🟠

Likely Case

Router compromise leading to DNS hijacking, credential theft from network traffic, and botnet recruitment.

🟢

If Mitigated

Limited impact if telnet is disabled and strong perimeter controls prevent external access.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing and telnet is often enabled by default, allowing direct remote exploitation.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access, but requires telnet access to the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only telnet access and knowledge of the hardcoded password. Public GitHub repository contains details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dlink.com/en/security-bulletin/

Restart Required: No

Instructions:

Check D-LINK security bulletin for firmware updates. If available, download from official D-LINK support portal and follow firmware upgrade instructions.

🔧 Temporary Workarounds

Disable Telnet Service

all

Completely disable telnet access to prevent exploitation of the hardcoded credential.

Access router admin interface -> Advanced -> Administration -> Remote Management -> Disable Telnet

Change Default Credentials

all

Change all default passwords including admin account, though this may not fix the hardcoded Alphanetworks account.

Access router admin interface -> Management -> Account -> Change password

🧯 If You Can't Patch

Isolate router from internet by disabling WAN access or placing behind firewall
Implement network segmentation to limit router access to management network only

🔍 How to Verify

Check if Vulnerable:

Attempt telnet connection to router on port 23 and try logging in with Alphanetworks account using known hardcoded password.

Check Version:

Login to router web interface -> Status -> Firmware Version or check sticker on device

Verify Fix Applied:

Verify telnet service is disabled or connection attempts fail. Check firmware version is updated beyond v101b03.

📡 Detection & Monitoring

Log Indicators:

Failed/successful telnet authentication attempts
Alphanetworks account login events
Root access via telnet

Network Indicators:

Telnet traffic to router on port 23
Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (event="telnet_login" OR user="Alphanetworks")

📊 Metadata

CVE ID: CVE-2024-22853

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-798

Published: February 6, 2024

Last Updated: June 20, 2025

🔗 References

https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/2/2.md Exploit,Third Party Advisory
https://www.dlink.com/en/security-bulletin/ Vendor Advisory
https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/2/2.md Exploit,Third Party Advisory
https://www.dlink.com/en/security-bulletin/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-22853, you might also want to check these: