CVE-2026-2218

CWE-74CWE-77Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 76.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dcs-933l FirmwareD-link Dcs-933l
Timeline
PublishedFeb 9

Description

A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/dcs-933l12 versions+11

🔴Vulnerability Details

2
CVEList
D-Link DCS-933L alphapd setSystemAdmin command injection2026-02-09
GHSA
GHSA-4r8r-m45w-c7cj: A vulnerability was determined in D-Link DCS-933L up to 12026-02-09
CVE-2026-2218 (MEDIUM CVSS 5.3) | A vulnerability was determined in D | cvebase.io