CVE-2026-36983
Command Injection in D-Link DCS-932L v2.18.01
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| d-link | dcs-932l | 2.18.01 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-36983 vulnerability affects the D-Link DCS-932L network surveillance camera, specifically firmware version V2.18.01. It is a command injection flaw found in the alphapd binary's sub_42EF14 function. The vulnerability occurs because the LightSensorControl parameter is improperly handled and directly incorporated into a system command without proper sanitization.
A remote attacker with authorized access can exploit this vulnerability by sending specially crafted requests to the vulnerable endpoint /setDayNightStream, allowing them to execute arbitrary commands on the device.
How can this vulnerability impact me? :
This vulnerability can allow a remote attacker with authorized access to execute arbitrary commands on the affected D-Link DCS-932L device. This could lead to unauthorized control over the device, potentially compromising its functionality, accessing sensitive data, or using the device as a foothold to attack other systems on the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for requests to the vulnerable endpoint /setDayNightStream that include the LightSensorControl parameter. Specifically, look for suspicious or specially crafted inputs that could lead to command injection.
Since the vulnerability involves command injection via the LightSensorControl parameter, you can use network capture tools like tcpdump or Wireshark to filter HTTP requests to the device and inspect the parameters.
- Use tcpdump to capture traffic to the device: tcpdump -i <interface> host <device_ip> and filter for HTTP POST requests.
- Use curl or similar tools to test the endpoint manually by sending crafted requests to /setDayNightStream with various LightSensorControl values to see if command injection is possible.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable device, especially limiting access to trusted users only, since exploitation requires authorized access.
Avoid sending or allowing untrusted input to the /setDayNightStream endpoint, particularly the LightSensorControl parameter.
If possible, update the device firmware to a version that patches this vulnerability or contact the vendor for a security update.
As a temporary measure, consider network segmentation or firewall rules to block access to the vulnerable endpoint.