15 matches found
CVE-2026-2218
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2026-2218
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2026-2218
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2026-2218 D-Link DCS-933L alphapd setSystemAdmin command injection
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2026-2218
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2026-2218 D-Link DCS-933L alphapd setSystemAdmin command injection
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2026-2218
CVE-2026-2218 affects the D-Link DCS-933L firmware up to 1.14.11, targeting the alphapd component. The vulnerability arises from manipulating the AdminID argument in the /setSystemAdmin function, enabling remote command injection. Remote exploitation is possible and the exploit has been publicly ...
D-Link DCS-933L 命令注入漏洞
The D-Link DCS-933L is a wireless camera from the D-Link company. Versions of D-Link DCS-933L prior to 1.14.11 have a command injection vulnerability. This vulnerability stems from incorrect operations on the AdminID parameter in the setSystemAdmin file of the alphapd component, which can lead to...
PT-2026-7070
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...
D-Link DCS-933L and DCS-934L Privilege Acquisition Vulnerability
The D-Link DCS-933L and DCS-934L are both network camera products from Terasic D-Link. mydlink+ is an application for remote access to camera devices such as the DCS-933L and DCS-934L. A security vulnerability exists in mydlink+ version 3.8.5 build 259 in the D-Link DCS-933L version 1.05.04 and...
CVE-2018-7698
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras such as DCS-933L and DCS-934L unencrypted from the app to the camera, allowing attackers to obtain these...
CVE-2018-7698
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras such as DCS-933L and DCS-934L unencrypted from the app to the camera, allowing attackers to obtain these...
CVE-2018-7698
The CVE-2018-7698 entry describes a vulnerability in D-Link mydlink+ 3.8.5 build 259 for DCS-933L (1.05.04) and DCS-934L (1.05.04). The root cause is that the mydlink+ app transmits the user credentials (username/password) unencrypted from the app to the camera, allowing an attacker to obtain cre...
CVE-2017-7852
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to , thus accepting requests from any domain. If a...
D-Link DCS-931L Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 /alphapd/ def initializeinfo = superupdateinfoinfo, 'Name' = 'D-Link DCS-931L File Upload', 'Description' = %q This module exploits a...