Description
A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-02-10
Score: 8.6 High
EPSS: 5.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in the D-Link DCS-931L router, located in the /goform/setSysAdmin URL. Manipulating the AdminID parameter allows an attacker to inject arbitrary operating system commands, enabling full remote code execution on the device. The flaw is an example of OS Command Injection and System Call vulnerabilities. The description notes that the exploit is publicly available and can be triggered remotely.

Affected Systems

Affected products are the D-Link DCS-931L series running firmware versions up to 1.13.0. This includes any devices with that specific firmware revision; newer firmware should not be vulnerable. The product is no longer supported by the maintainer, so the risk remains until a patch or upgrade is applied.

Risk and Exploitability

With a CVSS score of 8.6, the vulnerability is high severity. The EPSS score is 5%, indicating that exploitation is moderately likely, and publicly available proof‑of‑concept code raises concerns. The vulnerability is not listed in CISA’s KEV catalog, but the remote command injection capability is serious. The likely attack vector is a remote attacker sending a crafted AdminID parameter to the /goform/setSysAdmin endpoint, potentially from any network that can reach the router. The vulnerability does not require local access, and the exploit can be automated by malicious actors.

Generated by OpenCVE AI on June 18, 2026 at 05:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to a non‑vulnerable version (firmware higher than 1.13.0). If an update is unavailable, proceed to the next step.
  • Block external access to the /goform/setSysAdmin endpoint using firewall or ACL rules.
  • Disable remote configuration services entirely when the router is not required to be managed over the network.
  • Monitor device logs for suspicious or failed setSysAdmin requests and investigate any anomalies.

Generated by OpenCVE AI on June 18, 2026 at 05:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dcs-931l
Dlink dcs-931l Firmware
CPEs cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dcs-931l
Dlink dcs-931l Firmware

Tue, 10 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dcs-931l
Vendors & Products D-link
D-link dcs-931l

Tue, 10 Feb 2026 03:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Title D-Link DCS-931L setSysAdmin os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

D-link Dcs-931l
Dlink Dcs-931l Dcs-931l Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:01:54.740Z

Reserved: 2026-02-09T16:58:34.510Z

Link: CVE-2026-2260

cve-icon Vulnrichment

Updated: 2026-02-10T18:36:02.941Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T04:16:05.620

Modified: 2026-06-17T10:30:39.233

Link: CVE-2026-2260

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T05:15:16Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')