CVE-2022-43620

Name of the Vulnerable Software and Affected Versions D-Link DIR-1935 version 1.03

Description This issue allows network-adjacent attackers to bypass authentication on affected installations. The specific flaw exists within the handling of HNAP login requests, resulting from the lack of proper implementation of the authentication algorithm. An attacker can leverage this to bypass authentication on the system.

Recommendations For D-Link DIR-1935 version 1.03, as a temporary workaround, consider disabling the handling of HNAP login requests until a patch is available. Restrict access to the HNAP protocol to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.