CVE-2026-1532

LOW 2.4

D-Link DCS-700L Music File Upload Service setUploadMusic uploadmusic path traversal

CVSS Score

2.4

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

CWE	CWE-22
Vendor	d-link
Product	dcs-700l
Published	Jan 28, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for d-link dcs-700l

Be the first to know when new low vulnerabilities affecting d-link dcs-700l are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

D-Link / DCS-700L

1.03.09

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.343218 vuldb.com: https://vuldb.com/?ctiid.343218 vuldb.com: https://vuldb.com/?submit.738693 tzh00203.notion.site: https://tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Path-Traversal-Vulnerability-in-Music-File-Upload-2e8b5c52018a80369553f07ab91aabe2?source=copy_link dlink.com: https://www.dlink.com/

Credits

🔍 tian (VulDB User)