CVE-2026-1419
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1419
EUVD
EUVD-2026-4699
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dcs-700l_firmware 1.03.09
dlink dcs-700l *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1419 is a command injection vulnerability in the D-Link DCS700l device (firmware version 1.03.09), specifically in the Web Form Handler component at the /setDayNightMode endpoint. The vulnerability arises because the LightSensorControl parameter is not properly validated or sanitized before being used in a system shell command, allowing an attacker to inject arbitrary commands remotely. Exploiting this flaw can lead to unauthorized command execution on the device. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing remote attackers to execute arbitrary commands on the affected device, compromising its integrity and availability. It can lead to unauthorized access, disclosure of sensitive information, and potentially enable further attacks on your network or systems. Since the exploit is publicly available and relatively easy to use, the risk of exploitation is significant. [1, 2]

Detection Guidance

Detection can focus on monitoring requests to the /setDayNightMode endpoint of the D-Link DCS700l device, specifically looking for unusual or malformed inputs in the LightSensorControl parameter that could indicate command injection attempts. Since the vulnerability involves injection into a shell command, commands such as inspecting web server logs for suspicious parameters or using network monitoring tools to detect unusual HTTP requests to /setDayNightMode can help. For example, using grep on logs: `grep '/setDayNightMode' /var/log/httpd/access_log` or similar. Additionally, monitoring for unexpected command executions or anomalies on the device may help. However, no specific detection commands or signatures are provided in the resources. [1, 2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected D-Link DCS700l device or discontinuing its use, as no known patches or countermeasures are available. Restricting remote access to the device's web interface and limiting authentication to trusted users with high privileges may reduce risk but do not fully mitigate the vulnerability. Monitoring for exploitation attempts is also advised. Ultimately, device replacement is suggested to avoid exploitation. [1]

Compliance Impact

The vulnerability allows remote command injection that can compromise the confidentiality, integrity, and availability of the affected system. Such compromises could lead to unauthorized access or disclosure of sensitive data, which may result in non-compliance with data protection regulations like GDPR and HIPAA. However, no specific details on compliance impact or regulatory violations are provided. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1419. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart