Remote Code Execution Vulnerability in D-Link DIR-1935 Routers
CVE-2022-43632
6.8MEDIUM
What is CVE-2022-43632?
A vulnerability in D-Link DIR-1935 routers allows network-adjacent attackers to execute arbitrary code by leveraging a flaw in the handling of SetQoSSettings requests. This issue arises when subelements of the QoSInfo element are improperly validated before being used in a system call, leading to potential code execution with root privileges. Although the situation requires authentication, the existing mechanisms can be bypassed, posing a significant threat to affected installations.
Affected Version(s)
DIR-1935 1.03