VYPR
Unrated severity · NVD Advisory · Published Mar 29, 2023 · Updated Feb 18, 2025

CVE-2022-43621

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an incorrectly implemented comparison. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16152.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authentication bypass vulnerability in D-Link DIR-1935 routers allows network-adjacent attackers to gain full access via a flaw in HNAP login comparison.

Vulnerability

The vulnerability exists in the HNAP (Home Network Administration Protocol) login request handling of D-Link DIR-1935 routers running firmware version 1.03b02 (hardware revision Ax). The specific flaw is an incorrectly implemented comparison during authentication, which allows an attacker to bypass the login mechanism without valid credentials. [1][2]

Exploitation

An attacker must be network-adjacent to the target router (i.e., on the same local network) and does not require any authentication. By sending a specially crafted HNAP login request that exploits the flawed comparison, the attacker can bypass the authentication process. No user interaction is needed. [2]

Impact

Successful exploitation grants the attacker full administrative access to the router. This can lead to complete compromise of confidentiality, integrity, and availability, as the attacker can modify router settings, intercept traffic, or launch further attacks. The CVSS v3 score is 8.8 (High). [2]

Mitigation

D-Link has issued a firmware update to correct this vulnerability. Users should update their DIR-1935 routers to the latest firmware version available from D-Link's support website. [1][2] No workarounds have been provided.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

2
