CVE-2026-8260
CVE-2026-8260
7.4
HighPublished:
Last updated:
Source:cna@vuldb.com
Analyzed
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- Low
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
References
cna@vuldb.com
https://vuldb.com/submit/809888cna@vuldb.com
https://vuldb.com/vuln/362557cna@vuldb.com
https://vuldb.com/vuln/362557/cticna@vuldb.com
https://www.dlink.com/