CVE-2026-2260 — Command Injection in Dlink Dcs-931l Firmware

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.1%

top 74.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dcs-931l Firmware D-link Dcs-931l

Timeline

PublishedFeb 10

Description

A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDdlink/dcs-931l_firmware1.0.0 — 1.13.00

▶CVEListV5d-link/dcs-931l14 versions+13

🔴Vulnerability Details

GHSA

GHSA-9v69-wg3m-pj38: A vulnerability was found in D-Link DCS-931L up to 1↗2026-02-10

▶

CVEList

D-Link DCS-931L setSysAdmin os command injection↗2026-02-10

▶