← voltar
CVE-2026-12174

D-Link DCS-935L HTTP rhea snprintf format string

CVSS 8.7 HIGHEPSS 0.6%CWE-119CWE-134
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Produtos afetados
D-Link · DCS-935L
PoCs públicas encontradas1
cve_referencegithub.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Format_Stringnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Format_Stringhttps://vuldb.com/cve/CVE-2026-12174https://vuldb.com/submit/837209https://vuldb.com/vuln/370815https://vuldb.com/vuln/370815/ctihttps://www.dlink.com/