| Title | D-Link DCS700l v1.03.09 Absolute Path Traversal |
|---|
| Description | A Path Traversal Vulnerability has been discovered in the Music File Upload Service of D-Link DCS-700L v1.03.09. The vulnerability arises from improper handling of user-controlled input during the music file upload process. The service uses the open() system call with the user-supplied file path without proper sanitization, allowing attackers to exploit path traversal sequences (e.g., ../../) to access files outside the intended directory. This can expose sensitive system files, such as configuration files, user credentials, or other critical system files, leading to potential information disclosure. |
|---|
| Source | ⚠️ https://tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Path-Traversal-Vulnerability-in-Music-File-Upload-2e8b5c52018a80369553f07ab91aabe2?source=copy_link |
|---|
| User | tian (UID 93438) |
|---|
| Submission | 01/14/2026 07:59 (5 months ago) |
|---|
| Moderation | 01/28/2026 14:28 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 343218 [D-Link DCS-700L 1.03.09 Music File Upload Service /setUploadMusic uploadmusic path traversal] |
|---|
| Points | 17 |
|---|