| Title | D-Link DCS-935L HD Wi-Fi Camera 1.10.01 CWE-134: Use of Externally-Controlled Format String |
|---|
| Description | The rhea CGI binary in D-Link DCS-935L HD Wi-Fi Camera version 1.10.01 (Build 20161128) uses user-supplied input from the sn and hwv HTTP parameters directly as the format string argument to snprintf() instead of as a data argument, which allows remote authenticated attackers to execute arbitrary code via crafted HTTP requests. |
|---|
| Source | ⚠️ https://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Format_String |
|---|
| User | Simplicity (UID 98540) |
|---|
| Submission | 05/26/2026 15:12 (19 days ago) |
|---|
| Moderation | 06/13/2026 07:36 (18 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 370815 [D-Link DCS-935L 1.10.01 HTTP /web/cgi-bin/greece/rhea snprintf data format string] |
|---|
| Points | 19 |
|---|