D-Link Dcs-935L vulnerabilities
4 known vulnerabilities affecting d-link/dcs-935l.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3
Vulnerabilities
Page 1 of 1
CVE-2026-13545P2HIGHCVSS 8.8v1.10.012026-06-29
CVE-2026-13545 [HIGH] CWE-77 CVE-2026-13545: A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of t
A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-10779P2CRITICALCVSS 9.8v1.13.012025-09-22
CVE-2025-10779 [CRITICAL] CWE-119 CVE-2025-10779: A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub
A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects produ
nvd
CVE-2026-8260P2HIGHCVSS 8.8v1.10.012026-05-11
CVE-2026-8260 [HIGH] CWE-119 CVE-2026-8260: A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function Set
A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
nvd
CVE-2026-12174P2HIGHCVSS 8.8v1.10.012026-06-13
CVE-2026-12174 [HIGH] CWE-119 CVE-2026-12174: A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the functi
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
nvd