Skip to main content

D-Link DCS-935L CVE-2026-13545

| EUVDEUVD-2026-40045 HIGH
OS Command Injection (CWE-78)
2026-06-29 VulDB GHSA-9rhw-hmqw-p7m4
7.4
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable CGI with low-complexity injection but a required low-privilege session (PR:L); command execution on embedded firmware yields full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jun 29, 2026 - 09:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 29, 2026 - 09:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 29, 2026 - 09:22 vuln.today
cvss_changed
CVSS changed
Jun 29, 2026 - 09:22 NVD
8.7 (HIGH) 7.4 (HIGH)
Analysis Generated
Jun 29, 2026 - 09:15 vuln.today

DescriptionCVE.org

A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

OS command injection in the D-Link DCS-935L Wi-Fi network camera (firmware 1.10.01) lets a remote attacker inject arbitrary operating-system commands through the UID POST parameter handled by the sub_400E40 function in setconf.cgi. The CVSS 4.0 vector requires low privileges (PR:L), so an attacker needs some level of authenticated/session access, after which they gain full confidentiality, integrity, and availability impact on the device. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach camera web interface
Delivery
Obtain low-privilege session
Exploit
Send crafted POST to setconf.cgi
Execution
Inject shell metacharacters via UID parameter
Persist
Execute arbitrary OS commands (likely root)
Impact
Backdoor device or pivot into network

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the camera's HTTP management interface and a low-privilege authenticated session (CVSS PR:L), after which a single crafted POST to setconf.cgi with a malicious UID parameter triggers command injection - no user interaction (UI:N) and low attack complexity (AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderately strong but not at emergency level. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the camera's web interface and obtain a low-privilege session (e.g. via default or guessed credentials, or an existing operator account) sends a crafted POST request to setconf.cgi with shell metacharacters embedded in the UID parameter. …
Remediation No vendor-released patch identified at time of analysis - the DCS-935L is a legacy mydlink camera and may be end-of-life, so confirm patch availability directly with D-Link at https://www.dlink.com/ (vulnerability details: https://vuldb.com/cve/CVE-2026-13545). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all D-Link DCS-935L cameras; restrict administrative access to trusted network segments only and enforce password resets. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13545 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy