PT-2026-7070 · D Link · D-Link Dcs-933L

Allanp0E

·

Publicado

2026-02-09

·

Atualizado

2026-02-09

·

CVE-2026-2218

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions D-Link DCS-933L versions up to 1.14.11
Description A flaw exists in D-Link DCS-933L that allows for command injection. This issue stems from manipulating the AdminID argument within an unknown function of the /setSystemAdmin file, part of the alphapd component. Successful exploitation enables remote attackers to execute commands on the system. The exploit is publicly available. This vulnerability impacts products no longer supported by the maintainer.
Recommendations Versions prior to 1.14.11 should not be used.

Exploit

Correção

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

CVE-2026-2218

Produtos afetados

D-Link Dcs-933L