Description
A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-02-09
Score: 5.1 Medium
EPSS: 5.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The /setSystemAdmin endpoint of D-Link DCS-931L firmware allows a remote attacker to supply a crafted AdminID value that is passed directly to the underlying system shell. This results in a command injection flaw (CWE-74, CWE-77) where arbitrary shell commands can be executed on the device, potentially compromising confidentiality, integrity, and availability.

Affected Systems

The D-Link DCS-931L network video recorder running firmware version 1.13.0 or earlier is affected. The product is no longer supported by the vendor, and no patches are available for these firmware builds.

Risk and Exploitability

The CVSS score of 5.1 reflects moderate severity, while the EPSS score of 5 % indicates a low‑to‑moderate likelihood of exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog. An attacker can trigger the flaw remotely by sending a crafted request to the /setSystemAdmin endpoint and injecting shell commands. Because the exploit is publicly available and the device is unsupported, the risk of real-world exploitation remains.

Generated by OpenCVE AI on June 18, 2026 at 05:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace the DCS-931L with a supported model that receives ongoing security updates.
  • Disable remote management or restrict the /setSystemAdmin interface to trusted corporate networks using ACLs or VLAN segmentation.
  • Block or rate‑limit inbound traffic to the /setSystemAdmin endpoint with firewall rules and monitor logs for unexpected command execution attempts.

Generated by OpenCVE AI on June 18, 2026 at 05:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 10:30:00 +0000

Type Values Removed Values Added
References

Tue, 10 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dcs-931l
Dlink dcs-931l Firmware
CPEs cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dcs-931l
Dlink dcs-931l Firmware

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dcs-931l
Vendors & Products D-link
D-link dcs-931l

Mon, 09 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Title D-Link DCS-931L setSystemAdmin doSystem command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Dcs-931l
Dlink Dcs-931l Dcs-931l Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:59:48.888Z

Reserved: 2026-02-08T16:12:11.558Z

Link: CVE-2026-2227

cve-icon Vulnrichment

Updated: 2026-02-09T13:52:01.299Z

cve-icon NVD

Status : Modified

Published: 2026-02-09T10:15:57.880

Modified: 2026-06-17T10:30:35.387

Link: CVE-2026-2227

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T05:15:16Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')