CVE-2026-8260

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely....

high 8.8 CVSS 3.1

Published: May 11, 2026

Modified: May 12, 2026

Vendor: Dlink

Description

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

References

https://github.com/0xcc12138/DCS-935L-HNAP-Service-CVE
https://vuldb.com/submit/809888
https://vuldb.com/vuln/362557
https://vuldb.com/vuln/362557/cti
https://www.dlink.com/

Related CVEs

CVSS Breakdown

Version	3.1
Score	8.8 / 10
Severity	high

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-119

Affected Product

Vendor	Dlink
Product	Dcs-935L Firmware