Dcs 935L
Monthly
Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt memory and likely achieve information disclosure or code execution by manipulating the data argument passed to snprintf within the /web/cgi-bin/greece/rhea HTTP handler. Publicly available exploit code exists per VulDB submission, though this CVE is not on the CISA KEV list. The CVSS 4.0 score of 7.4 reflects high impact on confidentiality, integrity, and availability with low-privilege authentication required.
Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt memory and likely achieve information disclosure or code execution by manipulating the data argument passed to snprintf within the /web/cgi-bin/greece/rhea HTTP handler. Publicly available exploit code exists per VulDB submission, though this CVE is not on the CISA KEV list. The CVSS 4.0 score of 7.4 reflects high impact on confidentiality, integrity, and availability with low-privilege authentication required.