CVE-2022-43628
Description
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetIPv6FirewallSettings requests to the web management portal. When parsing subelements within the IPv6FirewallRule element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16148.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated command injection flaw in D-Link DIR-1935 routers allows a network-adjacent attacker to execute arbitrary code as root.
Vulnerability
This vulnerability affects D-Link DIR-1935 routers running firmware version 1.03 (build DIR1935A1_FW1.03B02_Beta_ipv6_default_gateway_20181224.bin). The bug resides in the SetIPv6FirewallSettings request handler of the web management portal. When processing sub-elements within the IPv6FirewallRule element, the software fails to validate a user-supplied string before passing it to a system call, resulting in a command injection flaw [1][2].
Exploitation
An attacker must be on the same network as the target router (network-adjacent) and authenticate to the web management portal. Although authentication is required, existing mechanisms can be bypassed. After gaining access, the attacker crafts a malicious SetIPv6FirewallSettings request with a payload embedded in one of the IPv6FirewallRule sub-elements; the unsanitized string is then executed as part of a system command [2].
Impact
Successful exploitation allows the attacker to execute arbitrary operating system commands in the context of the root user, leading to full compromise of the router (confidentiality, integrity, and availability) [1][2].
Mitigation
D-Link has released firmware version 1.03b02 (revision Ax) to address this and other vulnerabilities [1]. Users are advised to update to the latest firmware available from the D-Link support page. No KEV listing or additional workarounds are documented in the provided references.
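As an added illustration (not D-Link's code; the ip6tables backend, the field names and the ALLOW/DENY action values are assumptions), this is the shape of the check and the no-shell execution a SetIPv6FirewallSettings handler needs: each IPv6FirewallRule sub-element is allowlist-validated and passed as its own argv element instead of being interpolated into a system() command string.

```c
#include <ctype.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Allowlist check for one IPv6FirewallRule address/prefix sub-element: only
 * hex digits and ':' '.' '/' pass, so no shell metacharacter reaches a command. */
int ipv6_field_ok(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 64)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)s[i]) && !strchr(":./", s[i]))
            return 0;
    return 1;
}

/* Fill argv for an ip6tables call (assumed backend); each field is its own
 * argv element, never spliced into a string. Returns argc, or -1 on bad input. */
int build_rule_argv(const char *src, const char *dst, const char *action,
                    const char *argv[10])
{
    const char *target = NULL;
    if (action && strcmp(action, "ALLOW") == 0) target = "ACCEPT";
    if (action && strcmp(action, "DENY") == 0) target = "DROP";
    if (!target || !ipv6_field_ok(src) || !ipv6_field_ok(dst))
        return -1;
    const char *v[10] = { "ip6tables", "-A", "FORWARD", "-s", src, "-d", dst,
                          "-j", target, NULL };
    memcpy(argv, v, sizeof v);
    return 9;
}

/* Execute the validated argv directly (fork + execvp, never /bin/sh). Returns
 * the child's exit status, or -1 if validation or process creation failed. */
int apply_rule(const char *src, const char *dst, const char *action)
{
    const char *argv[10];
    int status = 0;
    if (build_rule_argv(src, dst, action, argv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) { execvp(argv[0], (char *const *)argv); _exit(127); }
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because the fields never pass through a shell, a rejected sub-element fails closed at build_rule_argv and is a useful point to log for detection.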
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
D-Link DIR-1935, affected version range: 1.03
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.