<0.1% probability · 13.6th percentile — 2026-05-11
Affected versions
D-Link DCS-935L firmware up to version 1.10.01
Summary
This buffer overflow vulnerability exists in the HNAP service of D-Link DCS-935L IP cameras. It is triggered by malicious manipulation of the AdminPassword parameter during SetDeviceSettings processing. Attackers can exploit this vulnerability remotely to execute arbitrary code on affected devices. Public exploit code is already available for this issue.
Remediation
This device is typically end-of-life with no official patched firmware available from D-Link. Organizations should replace affected cameras with supported, modern alternatives. As a temporary mitigation, restrict public internet access to affected devices and disable HNAP access for untrusted networks.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.