CVE-2026-1532

Sažetak

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Reference

https://tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Path-Traversal-Vulnerability-in-Music-File-Upload-2e8b5c52018a80369553f07ab91aabe2?source=copy_link
https://vuldb.com/?ctiid.343218
https://vuldb.com/?id.343218
https://vuldb.com/?submit.738693
https://www.dlink.com/

CVSS

Base:	2.2
Impact:	2.9
Exploitability:	4.1

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:L/Au:M/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-01-2026 - 21:16

Objavljeno

28-01-2026 - 21:16