Arbitrary Code Execution in D-Link DIR-1935 Routers
CVE-2022-43624
6.8MEDIUM
What is CVE-2022-43624?
This vulnerability allows attackers with network access to exploit the D-Link DIR-1935 1.03 router. By bypassing the existing authentication mechanisms, attackers can manipulate the SetStaticRouteIPv6Settings requests sent to the router's web management portal. A flaw in the validation process for user-supplied data within the StaticRouteIPv6List element can lead to execution of arbitrary code in the context of the root user, posing a significant threat to affected installations.
Affected Version(s)
DIR-1935 1.03