Code Execution Vulnerability in D-Link DIR-1935 Routers
CVE-2022-43630
8.8HIGH
What is CVE-2022-43630?
A vulnerability exists in D-Link DIR-1935 routers which allows network-adjacent attackers to execute arbitrary code through the web management portal. The flaw is found in the handling of HTTP requests, specifically in parsing the SOAPAction header, where user-supplied data is not adequately validated before being copied to a fixed-length buffer. This oversight enables attackers to potentially execute code with root privileges, making it imperative for affected users to apply the necessary security updates.
Affected Version(s)
DIR-1935 1.03