CVE-2022-35619

Vulnerability

The vulnerability is a remote code execution (RCE) flaw in the ssdpcgi_main function of the D-Link DIR-818LW A1 router running firmware version DIR818L_FW105b01. This function handles SSDP (Simple Service Discovery Protocol) requests, making the bug reachable over the network without authentication. The affected device is the D-Link DIR-818LW revision A1 with the specified firmware.

Exploitation

An unauthenticated attacker with network access to the router can exploit this vulnerability by sending a specially crafted SSDP packet to the device's UPnP service. The exact sequence of steps required to trigger the code execution has not been publicly disclosed, but the vulnerability is known to be remotely exploitable.

Impact

Successful exploitation allows an attacker to execute arbitrary code on the router, likely with root privileges. This can lead to full compromise of the device, enabling the attacker to monitor traffic, modify configurations, or use the router as a pivot point for further attacks on the local network.

Mitigation

As of the publication date, D-Link has not released a firmware update to patch this vulnerability. The device may be end-of-life (EOL), and users are advised to check the D-Link security bulletin [1] for any future updates. As a workaround, disabling UPnP on the router may reduce the attack surface, but does not eliminate the risk. If no patch becomes available, replacing the device is recommended.