HIGHCVE-2026-8260Published 2026-05-11Modified 2026-05-12CNA VulDB

CVE-2026-8260: D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings buffer overflow

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

D-Link / DCS-935L
1.10.01

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-362557 | D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings buffer overflow
VDB-362557 | CTI Indicators (IOB, IOC, IOA)
Submit #809888 | D-Link DCS-935L ≤1.10.01 Buffer Overflow
github.com
dlink.com

Metrics