5 matches found
CVE-2022-43621
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43620
CVE-2022-43620 affects D-Link DIR-1935, version 1.03. The issue is an authentication bypass in the HNAP login handling, caused by improper authentication implementation. This enables network-adjacent attackers to bypass authentication on affected routers. Documented references include ZDI-22-1494...
CVE-2022-43630
CVE-2022-43630 affects D-Link DIR-1935 (firmware ~1.03). The vulnerability is a stack-based buffer overflow in the handling of SOAPAction header in the web management portal, exploitable by network-adjacent attackers without authentication to execute code as root. The issue is documented as a rem...