Which versions of D-Link DCS-935L are affected by EUVD-2026-29016?

D-Link DCS-935L network cameras running firmware versions up to 1.10.01 contain a buffer overflow vulnerability in the HNAP service that allows authenticated attackers to achieve complete system…

Is there a public PoC exploit available for EUVD-2026-29016?

Yes, a public proof-of-concept exploit is available for EUVD-2026-29016. Prioritise patching immediately. EPSS: 0.0%.

D-Link DCS-935L EUVD-2026-29016

Q: What is the CVSS score of EUVD-2026-29016?

EUVD-2026-29016 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-8260 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-11 VulDB

GHSA-m69q-2cfc-q63c

Buffer Overflow D-Link

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 11, 2026 - 02:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 11, 2026 - 02:22 vuln.today

cvss_changed

CVSS changed

May 11, 2026 - 02:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 11, 2026 - 02:01 vuln.today

CVE Published

May 11, 2026 - 01:15 nvd

HIGH 8.8

DescriptionNVD

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

AnalysisAI

Buffer overflow in D-Link DCS-935L camera firmware versions up to 1.10.01 allows authenticated remote attackers to achieve complete system compromise via crafted AdminPassword parameter to the HNAP service. Public exploit code exists on GitHub (0xcc12138/DCS-935L-HNAP-Service-CVE), demonstrating weaponization of this vulnerability. …

RemediationAI

Within 24 hours: Inventory all D-Link DCS-935L cameras and document firmware versions; restrict network access to these devices to trusted networks only using firewall rules or VLANs. Within 7 days: Change all camera administrative credentials to complex, unique passwords; disable HNAP service if not required for legitimate management. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-4377 MEDIUM This Month

6.0 May 28

Weak default credential generation in the D-Link DWR-X1820 router exposes administrative access to adjacent-network atta

EUVD-2026-29016 vulnerability details – vuln.today

Back

D-Link DCS-935L EUVD-2026-29016

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

D-Link DCS-935L EUVD-2026-29016

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code