CVE-2026-2260
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Remote code execution in D-Link DCS-931L camera firmware through OS command injection in the /goform/setSysAdmin endpoint allows authenticated attackers to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is available since the product is no longer supported by the vendor.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all D-Link DCS-931L devices in your environment and assess network exposure. Within 7 days: Implement network segmentation to restrict administrative access to these devices, disable remote management if not business-critical, and apply the recommended compensating controls below. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today