CVE-2026-2218

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DCS-933L versions up to 1.14.11

Description A flaw exists in D-Link DCS-933L that allows for command injection. This issue stems from manipulating the AdminID argument within an unknown function of the /setSystemAdmin file, part of the alphapd component. Successful exploitation enables remote attackers to execute commands on the system. The exploit is publicly available. This vulnerability impacts products no longer supported by the maintainer.

Recommendations Versions prior to 1.14.11 should not be used.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2026-2218

Affected Products

D-Link Dcs-933L

CVE-2026-2218

Weakness Enumeration

Related Identifiers

Affected Products

References · 10