CVE-2022-43624 – This vulnerability allows network-adjacent atta... (How to Fix)

Q: What is the severity of CVE-2022-43624?

CVE-2022-43624 has a CVSS score of 6.8 (MEDIUM). This vulnerability allows network-adjacent attackers to execute arbitrary code as root on D-Link DIR-1935 routers by bypassing authentication and exploiting improper input validation in IPv6 static route handling. Attackers can gain complete control of affected routers. Only D-Link DIR-1935 routers with firmware version 1.03 are affected.

📋 TL;DR

This vulnerability allows network-adjacent attackers to execute arbitrary code as root on D-Link DIR-1935 routers by bypassing authentication and exploiting improper input validation in IPv6 static route handling. Attackers can gain complete control of affected routers. Only D-Link DIR-1935 routers with firmware version 1.03 are affected.

💻 Affected Systems

Products:

D-Link DIR-1935

Versions: 1.03

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Requires network adjacency and web management portal access, but authentication can be bypassed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attackers to intercept all network traffic, install persistent malware, pivot to internal networks, and use the router for botnet activities.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and installation of backdoors for persistent access.

🟢

If Mitigated

Limited impact if routers are isolated from critical networks and have strict network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit requires network access and authentication bypass, but detailed technical information is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.04 or later

Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10310

Restart Required: Yes

Instructions:

1. Log into router web interface. 2. Navigate to Firmware Update section. 3. Download firmware version 1.04 or later from D-Link support site. 4. Upload and apply the firmware update. 5. Reboot router after update completes.

🔧 Temporary Workarounds

Disable IPv6 Static Routes

all

Remove or disable IPv6 static route configuration if not needed

Restrict Web Management Access

all

Limit web management portal access to specific trusted IP addresses only

🧯 If You Can't Patch

Isolate affected routers in separate VLAN with no access to critical internal resources
Implement network monitoring for suspicious traffic patterns from router to internal systems

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface: System > Firmware Update > Current Firmware Version

Check Version:

Not applicable - use web interface

Verify Fix Applied:

Verify firmware version shows 1.04 or later after update

📡 Detection & Monitoring

Log Indicators:

Unusual authentication attempts to web interface
Unexpected system command execution in router logs
Multiple failed SetStaticRouteIPv6Settings requests

Network Indicators:

Suspicious outbound connections from router to unknown IPs
Unusual traffic patterns from router management interface

SIEM Query:

source="router_logs" AND ("SetStaticRouteIPv6Settings" OR "authentication bypass" OR "root shell")

📊 Metadata

CVE ID: CVE-2022-43624

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: March 29, 2023

Last Updated: November 21, 2024

🔗 References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10310 Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1496/ Third Party Advisory,VDB Entry
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10310 Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1496/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-43624, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Dir 1935 Firmware by Dlink

Dir 1935 Firmware by Dlink

Dir 1935 Firmware by Dlink

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable IPv6 Static Routes

Restrict Web Management Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities