How severe is CVE-2022-43619?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2022-43619?

This is classified as CWE-134, which is a common weakness in software security.

CVE-2022-43619 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of ConfigFileUpload requests to the web management portal. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16141.

Related Vulnerabilities

CVE-2023-36640

MEDIUM

CVSS:6.7(Medium)

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1...

CWE-1342023

CVE-2023-40721

MEDIUM

CVSS:6.7(Medium)

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2...

CWE-1342023

CVE-2023-41842

MEDIUM

CVSS:6.7(Medium)

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version...

CWE-1342023

CVE-2023-48784

MEDIUM

CVSS:6.7(Medium)

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a ...

CWE-1342023

CVE-2022-24051

HIGH

CVSS:7.0(High)

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication i...

CWE-1342022

CVE-2016-1895

MEDIUM

CVSS:6.5(Medium)

NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.

CWE-1342016