D-Link DCS-933L alphapd setSystemAdmin command injection_CVE-2026-2218

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Basic Information

ID CVE-2026-2218

Source VulDB

Published Feb 9, 2026 at 06:02

Affected Product

Vendor D-Link

Product DCS-933L

Version 1.14.0

Affected Versions D-Link DCS-933L 1.14.0
D-Link DCS-933L 1.14.1
D-Link DCS-933L 1.14.2
D-Link DCS-933L 1.14.3
D-Link DCS-933L 1.14.4
D-Link DCS-933L 1.14.5
D-Link DCS-933L 1.14.6
D-Link DCS-933L 1.14.7
D-Link DCS-933L 1.14.8
D-Link DCS-933L 1.14.9
D-Link DCS-933L 1.14.10
D-Link DCS-933L 1.14.11

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2026-02-09T06:02:09.726Z",
    "modified": "2026-02-09T06:02:09.726Z",
    "type": "cve",
    "title": "D-Link DCS-933L alphapd setSystemAdmin command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344936\nhttps://vuldb.com/?ctiid.344936\nhttps://vuldb.com/?submit.753247\nhttps://github.com/jinhao118/cve/blob/main/D-Link%20DCS933L_v1.14.11.md\nhttps://github.com/jinhao118/cve/blob/main/D-Link%20DCS933L_v1.14.11.md#poc\nhttps://www.dlink.com/",
    "id": "CVE-2026-2218",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "D-Link DCS-933L 1.14.0\nD-Link DCS-933L 1.14.1\nD-Link DCS-933L 1.14.2\nD-Link DCS-933L 1.14.3\nD-Link DCS-933L 1.14.4\nD-Link DCS-933L 1.14.5\nD-Link DCS-933L 1.14.6\nD-Link DCS-933L 1.14.7\nD-Link DCS-933L 1.14.8\nD-Link DCS-933L 1.14.9\nD-Link DCS-933L 1.14.10\nD-Link DCS-933L 1.14.11",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DCS-933L",
    "version": "1.14.0",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}