Sign-up

ID

VAR-202602-0405


CVE

CVE-2026-2218


TITLE

D-Link Corporation of DCS-933L  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003503

DESCRIPTION

A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2218 // JVNDB: JVNDB-2026-003503

AFFECTED PRODUCTS

vendor:dlinkmodel:dcs-933lscope:lteversion:1.14.11

Trust: 1.0

vendor:d linkmodel:dcs-933lscope:lteversion:dcs-933l firmware 1.14.11 and earlier

Trust: 0.8

vendor:d linkmodel:dcs-933lscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dcs-933lscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-003503 // NVD: CVE-2026-2218

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2218
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-2218
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-003503
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2218
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-003503
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2218
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-2218
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-003503
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003503 // NVD: CVE-2026-2218 // NVD: CVE-2026-2218

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003503 // NVD: CVE-2026-2218

PATCH

title:D-Link DCS933L   v1.14.11 Command Injectionurl:https://github.com/jinhao118/cve/blob/main/D-Link%20DCS933L_v1.14.11.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-003503

EXTERNAL IDS

db:NVDid:CVE-2026-2218

Trust: 2.6

db:VULDBid:344936

Trust: 1.0

db:JVNDBid:JVNDB-2026-003503

Trust: 0.8

sources: JVNDB: JVNDB-2026-003503 // NVD: CVE-2026-2218

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://github.com/jinhao118/cve/blob/main/d-link%20dcs933l_v1.14.11.md#poc

Trust: 1.0

url:https://vuldb.com/?id.344936

Trust: 1.0

url:https://vuldb.com/?submit.753247

Trust: 1.0

url:https://vuldb.com/?ctiid.344936

Trust: 1.0

url:https://github.com/jinhao118/cve/blob/main/d-link%20dcs933l_v1.14.11.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2218

Trust: 0.8

sources: JVNDB: JVNDB-2026-003503 // NVD: CVE-2026-2218

SOURCES

db:JVNDBid:JVNDB-2026-003503
db:NVDid:CVE-2026-2218

LAST UPDATE DATE

2026-02-15T23:45:24.365000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-003503date:2026-02-13T07:57:00
db:NVDid:CVE-2026-2218date:2026-02-11T18:33:50.317

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-003503date:2026-02-13T00:00:00
db:NVDid:CVE-2026-2218date:2026-02-09T06:16:25.013