CVE-2026-2218
D-Link DCS-933L alphapd setSystemAdmin command injection
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
| CWE | CWE-77 CWE-74 |
| Vendor | d-link |
| Product | dcs-933l |
| Published | Feb 9, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for d-link dcs-933l
Be the first to know when new medium vulnerabilities affecting d-link dcs-933l are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
D-Link / DCS-933L
1.14.0 1.14.1 1.14.2 1.14.3 1.14.4 1.14.5 1.14.6 1.14.7 1.14.8 1.14.9 1.14.10 1.14.11
References
vuldb.com: https://vuldb.com/?id.344936 vuldb.com: https://vuldb.com/?ctiid.344936 vuldb.com: https://vuldb.com/?submit.753247 github.com: https://github.com/jinhao118/cve/blob/main/D-Link%20DCS933L_v1.14.11.md github.com: https://github.com/jinhao118/cve/blob/main/D-Link%20DCS933L_v1.14.11.md#poc dlink.com: https://www.dlink.com/
Credits
๐ allanp0e (VulDB User)