CVE-2022-43619

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of ConfigFileUpload requests to the web management portal. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16141.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10310	Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1493/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:dlink:dir-1935_firmware::::::::
	cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1::::::
	cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2::::::

cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*

History

08 Nov 2023, 22:58

Type	Values Removed	Values Added
CPE	cpe:2.3:o:d-link:dir-1935_firmware::::::::	cpe:2.3:o:dlink:dir-1935_firmware::::::::

08 Nov 2023, 13:30

Type	Values Removed	Values Added
First Time		Dlink Dlink dir-1935 Firmware Dlink dir-1935
CPE	cpe:2.3:h:d-link:dir-1935:-:::::::* cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:::::: cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2::::::	cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:::::: cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:::::: cpe:2.3:h:dlink:dir-1935:-:::::::*

Information

Published : 2023-03-29 19:15

Updated : 2024-02-28 20:13

NVD link : CVE-2022-43619

Mitre link : CVE-2022-43619

CVE.ORG link : CVE-2022-43619

JSON object : View

Products Affected

dlink

dir-1935
dir-1935_firmware

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2022-43619", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2023-03-29T19:15:19.143", "references": [{"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10310", "tags": ["Patch", "Vendor Advisory"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1493/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}, {"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of ConfigFileUpload requests to the web management portal. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16141."}], "lastModified": "2023-11-08T22:58:53.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A6AE595-FF06-4B38-AF86-0B9B180F1DC0", "versionEndIncluding": "1.02"}, {"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"}, {"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com"}