CVE-2026-12174
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation...
Affects 0 products across 1 vendor.
Parent class for buffer-related vulnerabilities where operations exceed buffer boundaries.
CVE-2026-12174 affects the D-Link DCS-935L network camera (firmware 1.10.01), where a format string vulnerability in the snprintf function within the HTTP CGI handler allows a remote attacker to execute arbitrary code or crash the device by sending a specially crafted HTTP request. In OT environments, IP cameras are commonly used for physical security monitoring of critical infrastructure, and successful exploitation could result in loss of surveillance capability, lateral movement into adjacent network segments, or device takeover. With a CVSS score of 8.8 and a publicly disclosed exploit, this represents a high-severity risk requiring immediate compensating controls.
Is this CVE in your environment?
BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.
Check My Environment →What is CVE-2026-12174?
What is the CVSS score for CVE-2026-12174?
Is CVE-2026-12174 actively exploited?
How do I remediate CVE-2026-12174?
What systems are affected by CVE-2026-12174?
| CVE ID | CVE-2026-12174 |
|---|---|
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Published | 2026-06-13 |
| Last Modified | 2026-06-13 |
| ICS Relevance | 100% |
| Weakness (CWE) | |
| Source | NVD |
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Dlink | — | — |
No confirmed patch version is publicly documented at time of analysis. D-Link DCS-935L may be end-of-life; users should consult the D-Link security advisory page and consider device replacement if no firmware update is issued. Monitor D-Link's official support announcement page for updates.
View Vendor Advisory →| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy inline IPS/NGFW rules at the network boundary and any VLAN interface connecting to camera segments to block HTTP requests targeting /web/cgi-bin/greece/rhea that contain format string specifiers (e.g., %n, %x, %s patterns) in the request body or parameters. Additionally, implement a whitelist-based ACL permitting only authorized management IPs to reach port 80/443 on DCS-935L devices. Deploy these controls at perimeter firewalls, internal segmentation firewalls, and any managed switches supporting port-based ACLs in the camera VLAN.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
ICS/OT Vulnerability Intelligence for Your Environment
BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.
Join free →