Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for DCS-933L by D-Link

    CVE-2026-2218 (GCVE-0-2026-2218)

    Vulnerability from nvd – Published: 2026-02-09 06:02 – Updated: 2026-02-23 09:57 Unsupported When Assigned
    VLAI
    Title
    D-Link DCS-933L alphapd setSystemAdmin command injection
    Summary
    A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DCS-933L Affected: 1.14.0
    Affected: 1.14.1
    Affected: 1.14.2
    Affected: 1.14.3
    Affected: 1.14.4
    Affected: 1.14.5
    Affected: 1.14.6
    Affected: 1.14.7
    Affected: 1.14.8
    Affected: 1.14.9
    Affected: 1.14.10
    Affected: 1.14.11
    Create a notification for this product.
    Credits
    allanp0e (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2218",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T16:11:12.479527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T16:11:25.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "alphapd"
              ],
              "product": "DCS-933L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.14.2"
                },
                {
                  "status": "affected",
                  "version": "1.14.3"
                },
                {
                  "status": "affected",
                  "version": "1.14.4"
                },
                {
                  "status": "affected",
                  "version": "1.14.5"
                },
                {
                  "status": "affected",
                  "version": "1.14.6"
                },
                {
                  "status": "affected",
                  "version": "1.14.7"
                },
                {
                  "status": "affected",
                  "version": "1.14.8"
                },
                {
                  "status": "affected",
                  "version": "1.14.9"
                },
                {
                  "status": "affected",
                  "version": "1.14.10"
                },
                {
                  "status": "affected",
                  "version": "1.14.11"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "allanp0e (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T09:57:39.765Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-344936 | D-Link DCS-933L alphapd setSystemAdmin command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.344936"
            },
            {
              "name": "VDB-344936 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.344936"
            },
            {
              "name": "Submit #753247 | D-Link DCS933L   v1.14.11 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.753247"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/jinhao118/cve/blob/main/D-Link%20DCS933L_v1.14.11.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/jinhao118/cve/blob/main/D-Link%20DCS933L_v1.14.11.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-12T08:47:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-933L alphapd setSystemAdmin command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-2218",
        "datePublished": "2026-02-09T06:02:09.726Z",
        "dateReserved": "2026-02-08T14:48:00.369Z",
        "dateUpdated": "2026-02-23T09:57:39.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2218 (GCVE-0-2026-2218)

    Vulnerability from cvelistv5 – Published: 2026-02-09 06:02 – Updated: 2026-02-23 09:57 Unsupported When Assigned
    VLAI
    Title
    D-Link DCS-933L alphapd setSystemAdmin command injection
    Summary
    A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DCS-933L Affected: 1.14.0
    Affected: 1.14.1
    Affected: 1.14.2
    Affected: 1.14.3
    Affected: 1.14.4
    Affected: 1.14.5
    Affected: 1.14.6
    Affected: 1.14.7
    Affected: 1.14.8
    Affected: 1.14.9
    Affected: 1.14.10
    Affected: 1.14.11
    Create a notification for this product.
    Credits
    allanp0e (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2218",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T16:11:12.479527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T16:11:25.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "alphapd"
              ],
              "product": "DCS-933L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.14.2"
                },
                {
                  "status": "affected",
                  "version": "1.14.3"
                },
                {
                  "status": "affected",
                  "version": "1.14.4"
                },
                {
                  "status": "affected",
                  "version": "1.14.5"
                },
                {
                  "status": "affected",
                  "version": "1.14.6"
                },
                {
                  "status": "affected",
                  "version": "1.14.7"
                },
                {
                  "status": "affected",
                  "version": "1.14.8"
                },
                {
                  "status": "affected",
                  "version": "1.14.9"
                },
                {
                  "status": "affected",
                  "version": "1.14.10"
                },
                {
                  "status": "affected",
                  "version": "1.14.11"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "allanp0e (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T09:57:39.765Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-344936 | D-Link DCS-933L alphapd setSystemAdmin command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.344936"
            },
            {
              "name": "VDB-344936 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.344936"
            },
            {
              "name": "Submit #753247 | D-Link DCS933L   v1.14.11 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.753247"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/jinhao118/cve/blob/main/D-Link%20DCS933L_v1.14.11.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/jinhao118/cve/blob/main/D-Link%20DCS933L_v1.14.11.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-12T08:47:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-933L alphapd setSystemAdmin command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-2218",
        "datePublished": "2026-02-09T06:02:09.726Z",
        "dateReserved": "2026-02-08T14:48:00.369Z",
        "dateUpdated": "2026-02-23T09:57:39.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }