PT-2026-39536 · D Link · Dcs-935L
0Xcc12138
·
Published
2026-05-10
·
Updated
2026-05-12
·
CVE-2026-8260
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DCS-935L versions prior to 1.10.01
Description
A remote buffer overflow exists in the HNAP Service component within the '/web/cgi-bin/hnap/hnap service' file. The issue occurs during the processing of the
SetDeviceSettings() function when the AdminPassword argument is manipulated. This flaw allows attackers to execute arbitrary code remotely.Recommendations
Update to a version later than 1.10.01.
As a temporary workaround, disable the HNAP Service to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dcs-935L