CVE-2026-12174

HIGH

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation...

Affects 0 products across 1 vendor.

CVSS 3.18.8
CVSS v47.4
EPSS0.6%
Percentile44th
PatchUnknown
CVSS Vector — Plain English Remotely exploitable over the network, low complexity, low privileges required, no user interaction needed, impact contained to the vulnerable component, full confidentiality impact, full integrity impact, full availability impact.
CWE Weakness Definitions
CWE-119: Improper Restriction of Operations within Memory Buffer

Parent class for buffer-related vulnerabilities where operations exceed buffer boundaries.

CWE-134: CWE-134
◆ SAGE Intelligence — CITED Relevance Research Team

CVE-2026-12174 affects the D-Link DCS-935L network camera (firmware 1.10.01), where a format string vulnerability in the snprintf function within the HTTP CGI handler allows a remote attacker to execute arbitrary code or crash the device by sending a specially crafted HTTP request. In OT environments, IP cameras are commonly used for physical security monitoring of critical infrastructure, and successful exploitation could result in loss of surveillance capability, lateral movement into adjacent network segments, or device takeover. With a CVSS score of 8.8 and a publicly disclosed exploit, this represents a high-severity risk requiring immediate compensating controls.

Is this CVE in your environment?

BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.

Check My Environment →
Frequently Asked Questions
What is CVE-2026-12174?
CVE-2026-12174 affects the D-Link DCS-935L network camera (firmware 1.10.01), where a format string vulnerability in the snprintf function within the HTTP CGI handler allows a remote attacker to execute arbitrary code or crash the device by sending a specially crafted HTTP request. In OT environments, IP cameras are commonly used for physical security monitoring of critical infrastructure, and successful exploitation could result in loss of surveillance capability, lateral movement into adjacent
What is the CVSS score for CVE-2026-12174?
CVE-2026-12174 has CVSS 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS: 0.6%.
Is CVE-2026-12174 actively exploited?
No confirmed active exploitation of CVE-2026-12174 as of 2026-06-24.
How do I remediate CVE-2026-12174?
No confirmed patch version is publicly documented at time of analysis. D-Link DCS-935L may be end-of-life; users should consult the D-Link security advisory page and consider device replacement if no firmware update is issued. Monitor D-Link's official support announcement page for updates. Advisory: https://supportannouncement.us.dlink.com/security/publication.aspx
What systems are affected by CVE-2026-12174?
CVE-2026-12174 affects: Dlink.
Vulnerability Details
CVE IDCVE-2026-12174
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published2026-06-13
Last Modified2026-06-13
ICS Relevance100%
Weakness (CWE)
SourceNVD
Official Description

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Source: NIST NVD / MITRE CVE Database

Affected Products
VendorProductFixed Version
Dlink —
Remediation

No confirmed patch version is publicly documented at time of analysis. D-Link DCS-935L may be end-of-life; users should consult the D-Link security advisory page and consider device replacement if no firmware update is issued. Monitor D-Link's official support announcement page for updates.

View Vendor Advisory →
Threat Intelligence
● Threat Intelligence Validated: July 2026 | Threat Age: 28 Days
CISA KEVNot in KEV catalog
Public ExploitNot confirmed
PoC CodeNot confirmed
● Virtual Patch — CITED Relevance SAGE Engine MEDIUM CONFIDENCE

Deploy inline IPS/NGFW rules at the network boundary and any VLAN interface connecting to camera segments to block HTTP requests targeting /web/cgi-bin/greece/rhea that contain format string specifiers (e.g., %n, %x, %s patterns) in the request body or parameters. Additionally, implement a whitelist-based ACL permitting only authorized management IPs to reach port 80/443 on DCS-935L devices. Deploy these controls at perimeter firewalls, internal segmentation firewalls, and any managed switches supporting port-based ACLs in the camera VLAN.

No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.

Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.

Related CVEs affecting Dlink
CVE-2001-1220 10.0 D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the a... CVE-2007-1435 10.0 Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a ... CVE-2014-3936 10.0 Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Li... CVE-2011-3992 10.0 Buffer overflow in the SSH server functionality on the D-Link DES-3800 with f... CVE-2013-5946 10.0 The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware b...
View all Dlink CVEs →

ICS/OT Vulnerability Intelligence for Your Environment

BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.

Join free →