CVE-2023-48842 is a critical command injection vulnerability identified in the D-Link Go-RT-AC750 router, specifically in the revA_v101b03 hardware/software revision. The vulnerability exists in the handling of the 'service' parameter within the hedwig.cgi endpoint. Command injection vulnerabilities occur when untrusted input is passed to a system shell or command interpreter without proper sanitization or validation, allowing an attacker to execute arbitrary commands on the affected device. In this case, the attacker can remotely send specially crafted requests to the hedwig.cgi service parameter, which the router processes without adequate input validation, enabling execution of arbitrary system commands with the privileges of the web service process. The CVSS v3.1 base score of 9.8 reflects the severity: the vulnerability is remotely exploitable over the network (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality, integrity, and availability fully (C:H/I:H/A:H). The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component but is severe within that context. This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). No patches or fixes have been published yet, and there are no known exploits in the wild at the time of publication (2023-12-01). Given the nature of the device (a consumer-grade router), exploitation could allow attackers to take full control of the device, intercept or manipulate network traffic, pivot into internal networks, or cause denial of service by disrupting router functionality.

For European organizations, the impact of this vulnerability can be significant, especially for small and medium enterprises (SMEs) and home office environments that rely on D-Link Go-RT-AC750 routers for internet connectivity. Successful exploitation could lead to full compromise of the router, allowing attackers to intercept sensitive communications, inject malicious traffic, or establish persistent footholds within internal networks. This could result in data breaches, espionage, or disruption of business operations. The vulnerability also poses risks to critical infrastructure sectors if these routers are used in less secure network segments. Given the router’s role as a network gateway, compromise could undermine network perimeter defenses and facilitate lateral movement. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of automated exploitation attempts once details become public. Although no exploits are currently known in the wild, the critical severity and ease of exploitation make this a high-priority threat for European organizations using this device.

Organizations and users should immediately assess whether they are using the D-Link Go-RT-AC750 revA_v101b03 router. Since no official patch is currently available, mitigation should focus on reducing exposure: 1) Restrict remote access to the router’s management interface by disabling remote administration or limiting access to trusted IP addresses only. 2) Change default credentials and ensure strong, unique passwords are set for router administration. 3) Monitor network traffic for unusual activity that could indicate exploitation attempts, such as unexpected outbound connections or command execution patterns. 4) If possible, isolate the router on a separate network segment to limit potential lateral movement in case of compromise. 5) Regularly check D-Link’s official channels for firmware updates or security advisories addressing this vulnerability and apply patches promptly once available. 6) Consider replacing affected devices with models that have received security updates or have better security track records if mitigation is not feasible. 7) Employ network intrusion detection systems (NIDS) with signatures for command injection attempts targeting hedwig.cgi or similar CGI endpoints.