Description
A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-02-10
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution through OS command injection
Action: Immediate Patch
AI Analysis

Impact

A vulnerability exists in the D-Link DCS-931L at the /goform/setSysAdmin endpoint. Manipulating the AdminID parameter allows an attacker to inject arbitrary operating system commands, enabling full remote code execution on the device. The flaw is classified as command injection (CWE-77) and OS command injection (CWE-78), and it compromises the confidentiality, integrity, and availability of the affected device. The description notes that the exploit is publicly available and can be triggered remotely.

Affected Systems

Affected products are the D-Link DCS-931L series running firmware versions up to 1.13.0. This includes any devices with that specific firmware revision; newer firmware should not be vulnerable. The product is no longer supported by the maintainer, so the risk remains until a patch or upgrade is applied.

Risk and Exploitability

With a CVSS score of 8.6, the vulnerability is high severity. The EPSS score is very low (< 1%), indicating limited public exploitation data, but the presence of publicly available proof‑of‑concept code raises concerns. The vulnerability is not listed in CISA’s KEV catalog, but the remote command injection capability is serious. The likely attack vector is a remote attacker sending a crafted AdminID parameter to the /goform/setSysAdmin endpoint, potentially from any network that can reach the device. The vulnerability does not require local access, and the exploit can be automated by malicious actors. The CVSS v3.0, v3.1 and v4.0 vectors recorded in the History section specify PR:H, meaning exploitation requires high-privilege credentials on the device.

Generated by OpenCVE AI on April 17, 2026 at 20:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Confirm the device firmware is above version 1.13.0; upgrade if possible
  • If an update is not available, block external access to the /goform/setSysAdmin URI using firewall or router ACL rules
  • Disable remote configuration services entirely if the device does not need to be managed over the network
  • Monitor device logs for failed or suspicious setSysAdmin requests and investigate any anomalies

Advisories

No advisories yet.

History

Thu, 12 Feb 2026 15:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dlink; Dlink dcs-931l; Dlink dcs-931l Firmware |
| CPEs | | cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*; cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:* |
| Vendors & Products | | Dlink; Dlink dcs-931l; Dlink dcs-931l Firmware |

Tue, 10 Feb 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 10 Feb 2026 12:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | D-link; D-link dcs-931l |
| Vendors & Products | | D-link; D-link dcs-931l |

Tue, 10 Feb 2026 03:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. |
| Title | | D-Link DCS-931L setSysAdmin os command injection |
| Weaknesses | | CWE-77; CWE-78 |
| References | | |
| Metrics | | cvssV2_0: {'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:01:54.740Z

Reserved: 2026-02-09T16:58:34.510Z

Link: CVE-2026-2260

Vulnrichment

Updated: 2026-02-10T18:36:02.941Z

NVD

Status: Analyzed

Published: 2026-02-10T04:16:05.620

Modified: 2026-02-12T15:33:09.607

Link: CVE-2026-2260

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:00:12Z

Weaknesses