Vulnerability Description
A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dcs-935L Firmware | <= 1.10.01 |
| Dlink | Dcs-935L | - |
Related Weaknesses (CWE)
References
- https://github.com/0xcc12138/DCS-935L-HNAP-Service-CVEExploitThird Party Advisory
- https://vuldb.com/submit/809888Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/362557Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/362557/ctiPermissions RequiredVDB Entry
- https://www.dlink.com/Product
FAQ
What is CVE-2026-8260?
CVE-2026-8260 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipul...
How severe is CVE-2026-8260?
CVE-2026-8260 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-8260?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dcs-935L Firmware, Dlink Dcs-935L.