CVE-2026-8260 | D-Link DCS-935L up to 1.10.01 HNAP Service hnap_service SetDeviceSettings AdminPassword buffer overflow

Inserito da Angelo Barbosa | Mag 10, 2026 | CVE

A vulnerability described as critical has been identified in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow.

This vulnerability is identified as CVE-2026-8260. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-8260 | D-Link DCS-935L up to 1.10.01 HNAP Service hnap_service SetDeviceSettings AdminPassword buffer overflow

Post correlati

CVE-2023-49262 | Hongdian H8951-4G-ESP prior 2310271149 Cookie authentication improper authentication

CVE-2024-26902 | Linux Kernel up to 6.6.22/6.7.10 RISCV null pointer dereference (3ede8e94de6b/9f599ba3b9cc/34b567868777)

CVE-2024-6902 | SourceCodester Record Management System 1.0 sort_user.php sort sql injection

CVE-2024-52297 | Tolgee up to 3.81.1 Configuration information disclosure (GHSA-3wr3-889v-pgcj)