CVE 8.7 HIGH

D-Link DCS-935L HTTP rhea snprintf format string_CVE-2026-12174

June 13, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

AI Analysis

Format string vulnerability in D-Link DCS-935L HTTP Handler via snprintf function

Basic Information

ID CVE-2026-12174

Source VulDB

Published Jun 13, 2026 at 20:15

Affected Product

Vendor D-Link

Product DCS-935L

Version 1.10.01

Affected Versions D-Link DCS-935L 1.10.01

CWE Classification

CWE-134 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor D-Link

Product DCS-935L

Version 1.10.01

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2026-06-13T20:15:12.362Z",
    "modified": "2026-06-13T20:15:12.362Z",
    "type": "cve",
    "title": "D-Link DCS-935L HTTP rhea snprintf format string",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/370815\nhttps://vuldb.com/vuln/370815/cti\nhttps://vuldb.com/cve/CVE-2026-12174\nhttps://vuldb.com/submit/837209\nhttps://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Format_String\nhttps://www.dlink.com/",
    "id": "CVE-2026-12174",
    "bulletinFamily": "",
    "cwe": [
        "CWE-134",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DCS-935L 1.10.01",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DCS-935L",
    "version": "1.10.01",
    "vendor": "D-Link",
    "ai_description": "Format string vulnerability in D-Link DCS-935L HTTP Handler via snprintf function",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DCS-935L",
    "ai_version": "1.10.01",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply