Arbitrary Code Execution Vulnerability in D-Link DIR-1935 Routers
CVE-2022-43626
6.8MEDIUM
What is CVE-2022-43626?
The vulnerability in the D-Link DIR-1935 1.03 router allows network-adjacent attackers to bypass authentication protocols and execute arbitrary code on the device. The issue arises from improper validation of user-supplied strings in the SetIPv4FirewallSettings requests within the web management portal. This flaw enables attackers to manipulate the IPv4FirewallRule element and invoke system calls, potentially granting them root-level access. Affected users should apply security updates from D-Link to mitigate risks.
Affected Version(s)
DIR-1935 1.03