CVE-2026-1419
Published: 26 January 2026
Summary
CVE-2026-1419 is a medium-severity Injection (CWE-74) vulnerability in Dlink Dcs-700L Firmware. Its CVSS base score is 4.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection via web form parameter directly enables remote exploitation of the public-facing camera interface and arbitrary Unix shell command execution.
NVD Description
A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be…
more
launched remotely. The exploit has been made available to the public and could be used for attacks.
Deeper analysisAI
CVE-2026-1419 is a command injection vulnerability affecting the D-Link DCS700l camera running firmware version 1.03.09. The issue resides in an unknown function within the /setDayNightMode file of the Web Form Handler component, where manipulation of the LightSensorControl argument enables command injection. This flaw, associated with CWE-74 and CWE-77, was published on 2026-01-26 and carries a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by an attacker who possesses high privileges (PR:H). By crafting and submitting a malicious LightSensorControl argument, the attacker can inject and execute arbitrary commands on the device, potentially resulting in low-level impacts to confidentiality, integrity, and availability.
Advisories and references, including detailed write-ups on VulDB (ctiid.342815, id.342815, submit.736554) and a Notion.site page, document the vulnerability and note that a public exploit is available, increasing the risk of attacks. The vendor site at dlink.com is referenced, but no specific patch or mitigation details are outlined in the provided information.
Details
- CWE(s)