CVE-2022-43624
Description
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv6Settings requests to the web management portal. When parsing subelements within the StaticRouteIPv6List element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16145.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection in D-Link DIR-1935 router's SetStaticRouteIPv6Settings allows authenticated network-adjacent attackers to execute arbitrary code as root.
Vulnerability
The vulnerability resides in the web management portal of D-Link DIR-1935 routers (firmware version v1.03, including build v1.03B02_Beta_ipv6_default_gateway_20181224.bin [1][2]). The SetStaticRouteIPv6Settings request handler fails to properly validate a user-supplied string within subelements of the StaticRouteIPv6List element before using it as part of a system call. This enables command injection. Although authentication is required, the existing authentication mechanism can be bypassed [2].
Exploitation
An attacker must be network-adjacent (on the same broadcast domain) and have credentials (or bypass authentication) to send crafted SetStaticRouteIPv6Settings requests to the web management portal. By embedding shell metacharacters in a subelement of StaticRouteIPv6List, the attacker can inject arbitrary commands that are executed by the system [2].
Impact
Successful exploitation allows an attacker to execute arbitrary code as the root user, gaining full control over the router. This can lead to complete compromise of confidentiality, integrity, and availability of the device and potentially the local network [1][2].
Mitigation
D-Link has released firmware version v1.03b02 to address this vulnerability (and others reported) [1]. Users should update to the latest firmware from the D-Link support page. No workarounds are available. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- D-Link/DIR-1935v5Range: 1.03
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.