CVE 8.7 HIGH

D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection_CVE-2026-13545

June 29, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AI Analysis

OS command injection vulnerability in D-Link DCS-935L 1.10.01 via the setconf.cgi file, allowing remote attackers to execute arbitrary commands.

Basic Information

ID CVE-2026-13545

Source VulDB

Published Jun 29, 2026 at 07:00

Affected Product

Vendor D-Link

Product DCS-935L

Version 1.10.01

Affected Versions D-Link DCS-935L 1.10.01

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor D-Link

Product DCS-935L

Version 1.10.01

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2026-06-29T07:00:11.050Z",
    "modified": "2026-06-29T07:00:11.050Z",
    "type": "cve",
    "title": "D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/374553\nhttps://vuldb.com/vuln/374553/cti\nhttps://vuldb.com/cve/CVE-2026-13545\nhttps://vuldb.com/submit/842589\nhttps://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Command_Injection\nhttps://www.dlink.com/",
    "id": "CVE-2026-13545",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "D-Link DCS-935L 1.10.01",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DCS-935L",
    "version": "1.10.01",
    "vendor": "D-Link",
    "ai_description": "OS command injection vulnerability in D-Link DCS-935L 1.10.01 via the setconf.cgi file, allowing remote attackers to execute arbitrary commands.",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DCS-935L",
    "ai_version": "1.10.01",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply