| Title | D-Link DCS930L v1.15.04 Command Injection |
|---|
| Description | A command injection vulnerability exists in the setSystemAdmin function of the alphapd binary in D-Link DCS-930L firmware v1.15.04. The AdminID parameter is directly taken from user input and inserted into shell commands without proper sanitization, allowing remote attackers to execute arbitrary OS commands via crafted requests. |
|---|
| Source | ⚠️ https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-1/D-Link%20Vulnerability.md |
|---|
| User | Anonymous User |
|---|
| Submission | 11/26/2025 07:34 (5 months ago) |
|---|
| Moderation | 12/07/2025 16:40 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 334667 [D-Link DCS-930L 1.15.04 alphapd /setSystemAdmin AdminID command injection] |
|---|
| Points | 19 |
|---|