CVE-2026-2218
Published: 09 February 2026
Summary
CVE-2026-2218 is a medium-severity Injection (CWE-74) vulnerability in Dlink Dcs-933L Firmware. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in exposed admin interface directly enables remote exploitation of public-facing app (T1190) and arbitrary Unix shell command execution (T1059.004) on the device.
NVD Description
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The…
more
exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-2218 is a command injection vulnerability affecting D-Link DCS-933L cameras running firmware versions up to 1.14.11. The flaw exists in an unknown function of the /setSystemAdmin file within the alphapd component, where manipulation of the AdminID argument enables command injection. Published on 2026-02-09, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is linked to CWEs-74 and CWE-77.
Remote attackers who possess low privileges can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation allows partial impacts on confidentiality, integrity, and availability, potentially enabling arbitrary command execution on the affected device.
This vulnerability impacts only products no longer supported by the maintainer, with no patches available. Advisories, including references from VulDB and a GitHub repository, confirm that a proof-of-concept exploit has been publicly disclosed and may be utilized, heightening risks for internet-exposed instances.
Details
- CWE(s)