CVE-2022-43620
Description
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16142.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Network-adjacent attackers can bypass authentication on D-Link DIR-1935 routers via a flaw in HNAP login handling, allowing full compromise.
Vulnerability
The vulnerability resides in the HNAP PrivateLogin handler of D-Link DIR-1935 routers running firmware version 1.03 (specifically build DIR1935A1_FW1.03B02_Beta_ipv6_default_gateway_20181224.bin [1]). The authentication algorithm is improperly implemented, allowing an unauthenticated attacker to bypass the login process. Affected hardware revision is Ax with firmware v1.03b02 [1].
Exploitation
An attacker must be network-adjacent (i.e., on the same local network or within wireless range) and does not require any prior authentication. The attacker sends a specially crafted HNAP login request to the router's management interface. Due to the flawed authentication algorithm, the request is accepted without proper verification, granting the attacker administrative access [2].
Impact
Successful exploitation allows the attacker to bypass authentication and gain full administrative control over the router. This can lead to disclosure of sensitive configuration data, modification of network settings, and potentially remote code execution as the web server runs with elevated privileges. The CVSS score is 8.8 (High) with impacts on confidentiality, integrity, and availability all rated High [2].
Mitigation
D-Link has issued a firmware update to correct this vulnerability [2]. Users should upgrade to the latest firmware version available from the D-Link support website [1]. No workarounds have been provided. If the device is no longer supported, replacement is recommended.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- D-Link/DIR-1935 v5 Range: 1.03
Patches
No patches discovered yet.
References