CVE-2022-35620
Published: 03 August 2022
Summary
CVE-2022-35620 is a critical-severity vulnerability, with an unspecified weakness type, in D-Link DIR-818L firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 3.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
D-Link DIR-818LW A1 routers running firmware DIR818L_FW105b01 contain a remote code execution vulnerability in the binary.soapcgi_main function. The flaw received a CVSS 3.1 score of 9.8, reflecting a network-reachable attack that requires no authentication or user interaction and yields complete confidentiality, integrity, and availability impact.
An unauthenticated attacker can send crafted requests over the network to the affected SOAP CGI handler and execute arbitrary code on the device. Successful exploitation grants full control of the router, enabling traffic interception, persistence, or use as an entry point into attached networks.
D-Link has published a security bulletin addressing the issue, while public references include technical details and proof-of-concept material hosted on GitHub. The EPSS score has remained steady at 0.2525 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-38502
Vulnerability details
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.