Dlink Dir-1935 Firmware vulnerabilities

CVE-2022-43621 [HIGH] CWE-697 CVE-2022-43621: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an incorrectly implemented comparison. An attacker can leverag

CVE-2022-43630 [HIGH] CWE-121 CVE-2022-43630: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When parsing the SOAPAction header, the process does not prop

CVE-2022-43622 [HIGH] CWE-121 CVE-2022-43622: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When parsing the HNAP_AUTH header, the process does not prop

CVE-2022-43620 [HIGH] CWE-287 CVE-2022-43620: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algori

CVE-2022-43626 [MEDIUM] CWE-78 CVE-2022-43626: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetIPv4FirewallSettings requests to the web

CVE-2022-43632 [MEDIUM] CWE-78 CVE-2022-43632: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetQoSSettings requests to the web managemen

CVE-2022-43633 [MEDIUM] CWE-78 CVE-2022-43633: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetSysLogSettings requests to the web manage

CVE-2022-43627 [MEDIUM] CWE-78 CVE-2022-43627: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the w

CVE-2022-43625 [MEDIUM] CWE-121 CVE-2022-43625: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the

CVE-2022-43619 [MEDIUM] CWE-134 CVE-2022-43619: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of ConfigFileUpload requests to the web manage

CVE-2022-43631 [MEDIUM] CWE-78 CVE-2022-43631: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetVirtualServerSettings requests to the web

CVE-2022-43629 [MEDIUM] CWE-78 CVE-2022-43629: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetSysEmailSettings requests to the web mana

CVE-2022-43623 [MEDIUM] CWE-77 CVE-2022-43623: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetWebFilterSetting requests to the web mana

CVE-2022-43628 [MEDIUM] CWE-78 CVE-2022-43628: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetIPv6FirewallSettings requests to the web

CVE-2022-43624 [MEDIUM] CWE-78 CVE-2022-43624: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv6Settings requests to the w