VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 29, 2023· Updated Feb 14, 2025

CVE-2022-43626

CVE-2022-43626

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetIPv4FirewallSettings requests to the web management portal. When parsing subelements within the IPv4FirewallRule element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16146.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Command injection in D-Link DIR-1935 SetIPv4FirewallSettings allows authenticated network-adjacent attackers to execute arbitrary code as root.

Vulnerability

This vulnerability is a command injection flaw in the SetIPv4FirewallSettings handler of the web management portal on D-Link DIR-1935 routers. When parsing subelements within the IPv4FirewallRule element, the process does not properly validate a user-supplied string before using it to execute a system call. Affected firmware version is v1.03b02 (and possibly earlier). Authentication is required but can be bypassed [1][2].

Exploitation

An attacker must be network-adjacent and have authenticated access to the web management portal, though the existing authentication mechanism can be bypassed. The attacker sends a crafted SetIPv4FirewallSettings request with malicious input in the IPv4FirewallRule subelement, leading to command injection. No user interaction is required [2].

Impact

Successful exploitation allows arbitrary code execution in the context of root, giving the attacker full control over the router. This can lead to disclosure of sensitive information, modification of configuration, or further network attacks [2].

Mitigation

D-Link has released firmware version 1.03b02 to address this vulnerability, as per the advisory SAP10310 [1]. Users should update to the latest firmware. No workarounds are mentioned. The vulnerability is not listed in CISA KEV as of now [1][2].

References
  1. D-Link Technical Support
  2. ZDI-22-1497

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Dlink/DIR-1935llm-fuzzy
    Range: <= 1.03
  • D-Link/DIR-1935v5
    Range: 1.03

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.