Description
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Manipulation of the argument data leads to a format string vulnerability. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-06-13
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A format string bug exists in a call to snprintf in the /web/cgi-bin/greece/rhea HTTP handler of the D-Link DCS‑935L. By manipulating the data argument supplied in an HTTP request, an attacker can cause the firmware to interpret user input as a format string, potentially allowing arbitrary memory read or write. This flaw can lead to remote code execution or privilege escalation if the attacker can control the format string payload.

Affected Systems

The affected product is the D-Link DCS‑935L network camera, specifically firmware version 1.10.01. The vulnerability resides in the HTTP handler component that serves the web interface. Only devices running this exact firmware version are vulnerable; newer firmware updates may have fixed the issue.

Risk and Exploitability

The CVSS score is 8.7, indicating a high-severity vulnerability. The EPSS score is not available, but the publicly disclosed exploit demonstrates that attacks can be launched remotely. Because the vulnerable functionality is reachable over the network, devices exposed to the Internet face a high likelihood of exploitation. The flaw is not listed in CISA KEV, but the lack of a patch makes it a significant risk for exposed systems.

Generated by OpenCVE AI on June 13, 2026 at 21:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware release from D‑Link that patches the snprintf format string bug.
  • If a firmware update is unavailable, block external access to the device’s web interface or at least the /web/cgi-bin/greece/rhea endpoint using a network firewall or access control list.
  • Enable logging for HTTP requests to the /web/cgi-bin/greece/rhea path and regularly review logs for suspicious format string patterns or repeated access attempts.
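
The log review recommended above, as an added example (not OpenCVE or D-Link code): a Python triage script that flags requests to the /web/cgi-bin/greece/rhea path whose query parameters decode to printf conversion specifiers. It assumes Common Log Format lines written by a proxy or firewall in front of the camera; the names scan_line and scan and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/web/cgi-bin/greece/rhea"  # handler path named in the advisory
# One printf conversion spec: %[n$][flags][width][.precision][length]conversion
FMT_SPEC = re.compile(
    r"%(?:\d+\$)?[-+#0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|j|z|t|L)?([diouxXeEfgGaAcspn])"
)
# Assumption: Common/Combined Log Format, client address first, request line quoted
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def scan_line(line):
    """Return a finding dict for a suspicious request to ENDPOINT, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if url.path != ENDPOINT:
        return None
    # parse_qsl percent-decodes, so "%25x" and a raw "%x" are both seen as "%x"
    hits = [(name, FMT_SPEC.findall(value))
            for name, value in parse_qsl(url.query, keep_blank_values=True)]
    hits = [(name, convs) for name, convs in hits if convs]
    if not hits:
        return None
    total = sum(len(convs) for _, convs in hits)
    writes = any("n" in convs for _, convs in hits)
    # A lone "%d" can be ordinary text ("50%discount"); %n or repeated specs are not
    severity = "high" if writes or total >= 2 else "review"
    return {"client": client, "params": [name for name, _ in hits],
            "specs": total, "severity": severity}

def scan(lines):
    """Scan an iterable of log lines and return the findings in order."""
    return [finding for finding in map(scan_line, lines) if finding]

# Constructed sample lines using documentation addresses, not captured traffic
SAMPLE = [
    '192.0.2.10 - - [13/Jun/2026:20:31:02 +0000] "GET /web/cgi-bin/greece/rhea?data=hello HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Jun/2026:20:31:09 +0000] "GET /web/cgi-bin/greece/rhea?data=%25x.%25x.%25x.%25x HTTP/1.1" 200 512',
    '203.0.113.5 - - [13/Jun/2026:20:32:40 +0000] "GET /web/cgi-bin/greece/rhea?data=50%25discount HTTP/1.1" 200 512',
    '203.0.113.5 - - [13/Jun/2026:20:32:41 +0000] "GET /index.html?q=%25n HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only query strings appear in an access log; arguments sent in a request body need body logging at the proxy before they can be checked the same way.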


Advisories

No advisories yet.

History

Sat, 13 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | | A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Title | | D-Link DCS-935L HTTP rhea snprintf format string
First Time appeared | | D-link; D-link dcs-935l
Weaknesses | | CWE-119; CWE-134
CPEs | | cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*
Vendors & Products | | D-link; D-link dcs-935l
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
        | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
        | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
        | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-13T20:15:12.362Z

Reserved: 2026-06-13T05:36:07.097Z

Link: CVE-2026-12174

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-13T21:16:18.830

Modified: 2026-06-13T21:16:18.830

Link: CVE-2026-12174

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-13T21:30:10Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-134

    Use of Externally-Controlled Format String