PatchSiren cyber security CVE debrief
CVE-2026-12174 D-Link CVE debrief
A high-severity vulnerability, CVE-2026-12174, has been detected in D-Link DCS-935L 1.10.01. The issue affects the snprintf function in the /web/cgi-bin/greece/rhea file of the HTTP Handler component. This vulnerability is caused by manipulation of the 'data' argument, leading to a format string vulnerability. The attack can be launched remotely, and the exploit has been publicly disclosed.
- Vendor
- D-Link
- Product
- DCS-935L
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-13
- Original CVE updated
- 2026-06-13
- Advisory published
- 2026-06-13
- Advisory updated
- 2026-06-13
Who should care
Users of D-Link DCS-935L 1.10.01 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 7.4 and is classified as HIGH severity. It is related to CWE-119 and CWE-134. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the affected component to prevent remote exploitation.
- Monitor the system for suspicious activity.
Evidence notes
The CVE record was published and modified on 2026-06-13T21:16:18.830Z. The vulnerability details were obtained from NVD and Vuldb.
Official resources
Publicly disclosed