ByteOS Network

dcs-700l_firmware

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-1532

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-0.06% / 19.55%

7 Day CHG~0.00%

Published-28 Jan, 2026 | 20:32

Updated-05 Feb, 2026 | 16:57

D-Link DCS-700L Music File Upload Service setUploadMusic uploadmusic path traversal

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Vendor-D-Link Corporation

Product-dcs-700l dcs-700l_firmware DCS-700L

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2026-1419

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.1||MEDIUM

EPSS-0.05% / 15.54%

7 Day CHG~0.00%

Published-26 Jan, 2026 | 04:32

Updated-30 Jan, 2026 | 16:50

D-Link DCS700l Web Form setDayNightMode command injection

A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Vendor-D-Link Corporation

Product-dcs-700l dcs-700l_firmware DCS700l

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')