CVE-2022-43625
Description
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the web management portal. When parsing the NetMask element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16144.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
D-Link DIR-1935 routers with firmware 1.03 are vulnerable to a stack-based buffer overflow via a crafted NetMask parameter in SetStaticRouteIPv4Settings requests, enabling authenticated remote code execution as root.
Vulnerability
A stack-based buffer overflow vulnerability exists in the handling of SetStaticRouteIPv4Settings requests on the web management portal of D-Link DIR-1935 routers running firmware version 1.03 (build DIR1935A1_FW1.03B02_Beta_ipv6_default_gateway_20181224.bin). The flaw is triggered when parsing the NetMask element: the process copies user-supplied data into a fixed-length stack buffer without proper length validation, allowing an attacker to overflow the buffer [1][2].
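The missing length check described above, as an added C example; this is not D-Link's firmware code and does not come from the advisory. The function name `parse_netmask`, the constant `NETMASK_BUF` and the 16-byte buffer size are assumptions chosen for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

#define NETMASK_BUF 16  /* assumed size: "255.255.255.255" plus NUL */

/* Unsafe pattern of the kind the description refers to (illustrative only):
 *     char mask[NETMASK_BUF];
 *     strcpy(mask, user_value);    -- no length check before the copy
 */

/* Hypothetical helper: returns 0 and stores the mask (host byte order) in
 * *out when value is a well-formed, contiguous IPv4 netmask; -1 otherwise. */
int parse_netmask(const char *value, uint32_t *out)
{
    char mask[NETMASK_BUF];
    struct in_addr addr;
    const char *end;
    size_t len;
    uint32_t m, inv;

    if (value == NULL || out == NULL)
        return -1;

    /* Look for the terminator within the buffer size only; a field that
     * does not end inside NETMASK_BUF bytes is rejected before any copy. */
    end = memchr(value, '\0', NETMASK_BUF);
    if (end == NULL || end == value)
        return -1;
    len = (size_t)(end - value);

    memcpy(mask, value, len);       /* len <= NETMASK_BUF - 1 here */
    mask[len] = '\0';

    /* inet_pton accepts only a strict dotted-quad address. */
    if (inet_pton(AF_INET, mask, &addr) != 1)
        return -1;

    /* A netmask is a run of 1 bits followed by a run of 0 bits, so its
     * complement plus one must share no bits with the complement. */
    m = ntohl(addr.s_addr);
    inv = ~m;
    if ((inv & (inv + 1u)) != 0)
        return -1;

    *out = m;
    return 0;
}
```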
Exploitation
An attacker must be network-adjacent and have valid credentials; however, the existing authentication mechanism can be bypassed. To exploit, the attacker sends a crafted SetStaticRouteIPv4Settings request containing an overly long NetMask value to the router's web management interface, causing a stack-based buffer overflow. No user interaction is required once the attacker has authenticated or bypassed authentication [2].
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of root, resulting in full compromise of the router. The impact on confidentiality, integrity, and availability is rated high (CVSS 6.8, AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) [2].
Mitigation
D-Link has released firmware version v1.03b02 to address this vulnerability, as noted in the vendor advisory SAP10310 [1]. Users should update their DIR-1935 routers to the latest firmware. No workarounds are provided, and the product is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog at the time of publication.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- D-Link/DIR-1935 v5, Range: 1.03
Patches
No patches discovered yet.