CVE-2022-40946

HIGH

D-Link DIR-819 Firmware 1.06 - Denial of Service via sys_token Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-40946. PoCs published by whokilleddb.

AI-analyzed exploit summary: This exploit triggers a Denial of Service (DoS) in D-Link DIR-819 routers by sending a crafted HTTP request with a malformed 'sys_Token' parameter. The exploit leverages a buffer overflow vulnerability to crash the router's web service.

Description

On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.

Exploits (1)

exploitdb WORKING POC
by whokilleddb · text · dos · hardware
https://www.exploit-db.com/exploits/51053

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: D-Link DIR-819 (Firmware Version: 1.06, Hardware Version: A1)
No auth needed
Prerequisites: Network access to the target router · Router's web interface must be accessible
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0797
EPSS Percentile 94.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-400
Status published
Products (1)
dlink/dir-819_firmware 1.06
Published Apr 16, 2023
Tracked Since Feb 18, 2026