EUVD-2026-29113
GHSA-q7j6-fj2r-2q6g
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionNVD
D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection.
AnalysisAI
Command injection in D-Link DCS-932L v2.18.01 allows remote unauthenticated attackers to execute arbitrary system commands via the LightSensorControl parameter in the /bin/alphapd binary. CVSS 7.3 indicates network-accessible exploitation with low complexity requiring no authentication or user interaction, though EPSS score of 0.15% (35th percentile) suggests low observed exploitation probability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all D-Link DCS-932L devices across the network and isolate any running v2.18.01 from trusted network segments. Within 7 days: Implement network segmentation to restrict DCS-932L camera access to dedicated VLAN with strict egress filtering; disable remote management interfaces if enabled. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Share
External POC / Exploit Code
Leaving vuln.today