Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable CGI with low-complexity injection but a required low-privilege session (PR:L); command execution on embedded firmware yields full C/I/A impact.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
OS command injection in the D-Link DCS-935L Wi-Fi network camera (firmware 1.10.01) lets a remote attacker inject arbitrary operating-system commands through the UID POST parameter handled by the sub_400E40 function in setconf.cgi. The CVSS 4.0 vector requires low privileges (PR:L), so an attacker needs some level of authenticated/session access, after which they gain full confidentiality, integrity, and availability impact on the device. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the camera's HTTP management interface and a low-privilege authenticated session (CVSS PR:L), after which a single crafted POST to setconf.cgi with a malicious UID parameter triggers command injection - no user interaction (UI:N) and low attack complexity (AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderately strong but not at emergency level. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the camera's web interface and obtain a low-privilege session (e.g. via default or guessed credentials, or an existing operator account) sends a crafted POST request to setconf.cgi with shell metacharacters embedded in the UID parameter. … |
| Remediation | No vendor-released patch identified at time of analysis - the DCS-935L is a legacy mydlink camera and may be end-of-life, so confirm patch availability directly with D-Link at https://www.dlink.com/ (vulnerability details: https://vuldb.com/cve/CVE-2026-13545). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all D-Link DCS-935L cameras; restrict administrative access to trusted network segments only and enforce password resets. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40045
GHSA-9rhw-hmqw-p7m4