CVE-2026-1419
Published 2026-01-26
Priority: P2, 67 (high)
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS: 15.14% (96.3th percentile)
A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dcs700l | — | — |
| dlink | dcs-700l_firmware | — | — |
Detection & IOCs (extracted from sources)
snort
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS D-Link setDayNightMode LightSensorControl Parameter Command Injection Attempt (CVE-2026-1419)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/setDayNightMode"; fast_pattern; http.request_body; content:"LightSensorControl|3d|"; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Command-Injection-Vulnerability-in-LightSensorControl-Parameter-2e6b5c52018a80ada0f6d7e72efd7a45; reference:cve,2026-1419; classtype:attempted-admin; sid:2067088; rev:1;)
- The attack is delivered via HTTP POST to /setDayNightMode; inspect the request body for the 'LightSensorControl=' parameter followed by shell metacharacters (;, newline \x0a, backtick \x60, pipe \x7c, dollar \x24) or their URL-encoded equivalents.
- The exploit is publicly available and the attack can be launched remotely; prioritize perimeter and internal network monitoring for inbound HTTP POST requests targeting D-Link DCS700l devices.
- Snort/Suricata SID 2067088 (ET rule) covers this exploit; deploy it on both perimeter and internal sensors. It applies in the plaintext TLS state and has low performance impact.
- The affected endpoint /setDayNightMode is only present on D-Link DCS700l firmware version 1.03.09; scope detection rules to that specific device/firmware to reduce false positives.
- The PCRE in the Snort rule anchors on the absence of '&' (\x26) before the injection metacharacter, so URL-encoded ampersands used as parameter separators may affect match accuracy in edge cases.
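The matching logic described in the notes above, re-implemented in Python as an added example (not part of the original page or of the ET ruleset) so the behaviour around '&' can be checked offline against captured requests. The function name, the sample bodies and the `CMD` placeholder are constructed for illustration, and the body is assumed to be the raw, non-URL-decoded request body.

```python
import re

# Same alternation as the rule's pcre: ; newline ` | $ either raw or URL-encoded.
# The leading [^&]*? keeps the scan inside the LightSensorControl value, because
# a literal '&' (\x26) starts the next form field.
_VALUE_HAS_METACHAR = re.compile(
    rb"[^\x26]*?(?:\x3b|%3[Bb]|\x0a|%0[Aa]|\x60|%60|\x7c|%7[Cc]|\x24|%24)+"
)
_PARAM = b"LightSensorControl="


def rule_matches(method: str, uri: str, body: bytes) -> bool:
    """Approximate SID 2067088: POST, URI substring, relative pcre on the body."""
    if method != "POST" or "/setDayNightMode" not in uri:
        return False
    # The pcre is relative (/R) to the content match, so it is tested right
    # after every occurrence of the parameter name, not only the first one.
    start = body.find(_PARAM)
    while start != -1:
        if _VALUE_HAS_METACHAR.match(body, start + len(_PARAM)):
            return True
        start = body.find(_PARAM, start + 1)
    return False


# Constructed samples: (method, uri, raw body, expected verdict).
SAMPLES = [
    ("POST", "/setDayNightMode", b"LightSensorControl=1", False),
    ("POST", "/setDayNightMode", b"LightSensorControl=1;CMD", True),
    ("POST", "/setDayNightMode", b"LightSensorControl=1%3BCMD", True),
    ("POST", "/setDayNightMode", b"LightSensorControl=1%0aCMD", True),
    # Metacharacter sits in a different field, after a literal '&': no alert.
    ("POST", "/setDayNightMode", b"LightSensorControl=1&Comment=a;b", False),
    # An encoded '&' (%26) does not end the scan, so the ';' still matches.
    ("POST", "/setDayNightMode", b"LightSensorControl=1%26Comment=a;b", True),
    ("GET", "/setDayNightMode", b"LightSensorControl=1;CMD", False),
]


def run_samples():
    """Return (body, verdict, expected) for each constructed sample."""
    return [(b, rule_matches(m, u, b), exp) for m, u, b, exp in SAMPLES]


if __name__ == "__main__":
    for body, verdict, expected in run_samples():
        print(f"{'ALERT' if verdict else 'pass '}  expected={expected}  {body!r}")
```
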
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 2.0 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:L/Au:M/C:P/I:P/A:P |
| vendor_redhat | - | 5.5 | MEDIUM | - |
Suricata
ET WEB_SPECIFIC_APPS D-Link setDayNightMode LightSensorControl Parameter Command Injection Attempt (CVE-2026-1419)
suricata · 2026-01-26 · CVSS 5.1 [MEDIUM]
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS D-Link setDayNightMode LightSensorControl Parameter Command Injection Attempt (CVE-2026-1419)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/setDayNightMode"; fast_pattern; http.request_body; content:"LightSensorControl|3d|"; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Command-Injection-Vulnerability-in-LightSensorControl-Parameter-2e6b5c52018a80ada0f6d7e72efd7a45; reference:cve,2026-1419; classtype:attempted-admin; sid:2067088; rev:1; metadata:affected_product D_
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-01-26