CVE-2022-35620

Critical · Public PoC

Published: 03 August 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2525 (96.3rd percentile)
Risk Priority: 35 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-35620 is a critical-severity vulnerability of unspecified weakness type in D-Link DIR-818L firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 3.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

D-Link DIR-818LW A1 routers running firmware DIR818L_FW105b01 contain a remote code execution vulnerability in the binary.soapcgi_main function. The flaw received a CVSS 3.1 score of 9.8, reflecting a network attack vector with low attack complexity that requires no privileges or user interaction and yields high confidentiality, integrity, and availability impact.

An unauthenticated attacker can send crafted requests over the network to the affected SOAP CGI handler and execute arbitrary code on the device. Successful exploitation grants full control of the router, enabling traffic interception, persistence, or use as an entry point into attached networks.

D-Link has published a security bulletin addressing the issue, and public references include technical details and proof-of-concept material hosted on GitHub. The EPSS score has remained steady at 0.2525, with no material increase since disclosure.

Vulnerability details

D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink
dir-818l firmware
105b01

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
