Details of VAR-202605-3769

ID

VAR-202605-3769

CVE

CVE-2026-36983

TITLE

D-Link Corporation of DCS-932L Firmware Command injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-015284

DESCRIPTION

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection. LightSensorControl Command injection occurs through this operation.Some of the information handled by the software may be leaked to the outside. Also, some of the information handled by the software may be rewritten. Furthermore, some of the software may stop functioning. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-36983 // JVNDB: JVNDB-2026-015284

AFFECTED PRODUCTS

vendor:	dlink	model:	dcs-932l	scope:	eq	version:	2.18.01	Trust: 1.0
vendor:	d link	model:	dcs-932l	scope:	eq	version:	2.18.01	Trust: 0.8
vendor:	d link	model:	dcs-932l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dcs-932l	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-015284 // NVD: CVE-2026-36983

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-36983
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-015284
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-36983
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-015284
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-015284 // NVD: CVE-2026-36983

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-015284 // NVD: CVE-2026-36983

PATCH

title:

IoT_vul/D-Link/DCS-932L.md at main fru1ts/IoT_vul GitHub

url:

https://github.com/fru1ts/IoT_vul/blob/main/D-Link/DCS-932L.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-015284

EXTERNAL IDS

db:	NVD	id:	CVE-2026-36983	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-015284	Trust: 0.8

sources: JVNDB: JVNDB-2026-015284 // NVD: CVE-2026-36983

REFERENCES

url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.8
url:	https://github.com/fru1ts/iot_vul/blob/main/d-link/dcs-932l.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-36983	Trust: 0.8

sources: JVNDB: JVNDB-2026-015284 // NVD: CVE-2026-36983

SOURCES

db:	JVNDB	id:	JVNDB-2026-015284
db:	NVD	id:	CVE-2026-36983

LAST UPDATE DATE

2026-06-19T23:31:40.950000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-015284	date:	2026-05-14T01:13:00
db:	NVD	id:	CVE-2026-36983	date:	2026-05-12T19:36:42.187

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-015284	date:	2026-05-14T00:00:00
db:	NVD	id:	CVE-2026-36983	date:	2026-05-11T18:16:32.610