← back
CVE-2016-11021

CVE-2016-11021

CVSS 7.2 HIGHEPSS 68.5%● KEVCWE-78
In short

A D-Link DCS-930L camera before version 2.12 allows attackers to run arbitrary commands on the device by sending specially crafted requests. This means someone could take control of your camera and do whatever they want with it.

Technical detail

OS command injection vulnerability in the setSystemCommand function on D-Link DCS-930L firmware versions prior to 2.12. The SystemCommand parameter is not properly sanitized, allowing unauthenticated or low-privilege remote attackers to execute arbitrary OS commands with device privileges. Exploitation requires network access to the affected endpoint.

Summary generated and translated by AI from the official description.
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/39437unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-11021https://www.exploit-db.com/exploits/39437