CVE-2026-8260

HIGH NVD

CVSS Score 8.8

Severity HIGH

Published May 11, 2026

Vendor unknown

Description

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

References

https://github.com/0xcc12138/DCS-935L-HNAP-Service-CVE
https://vuldb.com/submit/809888
https://vuldb.com/vuln/362557
https://vuldb.com/vuln/362557/cti
https://www.dlink.com/