CVE-2022-43620

Published: Mar 29, 2023Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16142.

Affected (3)

Products: Dlink: Dir 1935 Firmware

1 product

Dir 1935 Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 1935 Firmware	Up to 1.02
Dlink Dir 1935 Firmware	Version 1.03 b1
Dlink Dir 1935 Firmware	Version 1.03 b2

Running on/with	Platform Versions
Dlink Dir 1935	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10310

Source: zdi-disclosures@trendmicro.com

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-1494/

Source: zdi-disclosures@trendmicro.com

Third Party AdvisoryVDB Entry

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10310

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-1494/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.