PT-2026-53222 · D Link · Dcs-935L

Simplicity

Published

2026-06-28

Updated

2026-06-29

CVE-2026-13545

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DCS-935L version 1.10.01

Description An OS command injection flaw exists in the POST Parameter Handler component. The issue occurs within the sub 400E40() function of the setconf.cgi file. A remote attacker can exploit this by manipulating the UID argument, allowing for the execution of arbitrary operating system commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the setconf.cgi file to minimize the risk of exploitation.

Exploit

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-13545

Affected Products

Dcs-935L

PT-2026-53222 · D Link · Dcs-935L

CVE-2026-13545

Weakness Enumeration

Related Identifiers

Affected Products

References · 8