CVE-2026-12174
8.8 HIGHA security vulnerability has been detected in D-Link DCS-935L 1.10.01
Published: 2026-06-13 · Last updated: 2026-06-13
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-119, CWE-134
Description
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-12174
- [Other]https://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Format_String
- [Other]https://vuldb.com/cve/CVE-2026-12174
- [Other]https://vuldb.com/submit/837209
- [Other]https://vuldb.com/vuln/370815
- [Other]https://vuldb.com/vuln/370815/cti
- [Other]https://www.dlink.com/
Related CVEs
Same CWE
- CVE-2026-6250 — An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input
- CVE-2026-0409 — A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Intern...
- CVE-2026-11623 — A security vulnerability has been detected in tmux up to 3.6a (4.5 MEDIUM)
- CVE-2026-11557 — A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9 (8.8 HIGH)
- CVE-2026-11553 — A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon (8.8 HIGH)