CVE-2026-2260 | D-Link DCS-931L up to 1.13.0 /goform/setSysAdmin AdminID os command injection

Inserito da Angelo Barbosa | Feb 9, 2026 | CVE

A vulnerability was found in D-Link DCS-931L up to 1.13.0 and classified as critical. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is identified as CVE-2026-2260. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-2260 | D-Link DCS-931L up to 1.13.0 /goform/setSysAdmin AdminID os command injection

Post correlati

CVE-2025-33020 | IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1 missing encryption

CVE-2020-36918 | Yerootech iDS6 DSSPro Digital Signage System 4.3/5.6 B2017.07.12.1757/6.2 B2014.12.12.1220 cross-site request forgery (Exploit 48990)

CVE-2024-29031 | Meshery up to 0.7.16 GetMeshSyncResources order sql injection (GHSL-2023-249)

CVE-2025-25431 | TRENDnet TEW-929DRU 1.0.0.10 /captive_portal.htm wifi_data cross site scripting