A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
References
| Link | Resource |
|---|---|
| https://github.com/cha0yang1/CVE/blob/main/DLinkRce.md | Exploit Third Party Advisory |
| https://github.com/cha0yang1/CVE/blob/main/DLinkRce.md#poc | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.345007 | Permissions Required VDB Entry |
| https://vuldb.com/?id.345007 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.753398 | Third Party Advisory VDB Entry |
| https://www.dlink.com/ | Product |
Configurations
Configuration 1 (hide)
| AND |
|
History
12 Feb 2026, 15:33
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:* |
|
| First Time |
Dlink dcs-931l Firmware
Dlink Dlink dcs-931l |
|
| References | () https://github.com/cha0yang1/CVE/blob/main/DLinkRce.md - Exploit, Third Party Advisory | |
| References | () https://github.com/cha0yang1/CVE/blob/main/DLinkRce.md#poc - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.345007 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.345007 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.753398 - Third Party Advisory, VDB Entry | |
| References | () https://www.dlink.com/ - Product |
10 Feb 2026, 04:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-10 04:16
Updated : 2026-02-12 15:33
NVD link : CVE-2026-2260
Mitre link : CVE-2026-2260
CVE.ORG link : CVE-2026-2260
JSON object : View
Products Affected
dlink
- dcs-931l
- dcs-931l_firmware