Cyber Resilience

CVE-2026-36983

HighPublic PoC

Published: 11 May 2026

Published
11 May 2026
Modified
12 May 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0571 90.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-36983 is a high-severity Command Injection (CWE-77) vulnerability in Dlink Dcs-932L Firmware. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

D-Link DCS-932L version 2.18.01 contains a command injection vulnerability in the /bin/alphapd binary, specifically within function sub_42EF14. The flaw arises from improper handling of the LightSensorControl argument and is tracked under CWE-77, with a CVSS 3.1 score of 7.3 reflecting network-accessible exploitation without authentication or user interaction.

An unauthenticated remote attacker can supply crafted input to the LightSensorControl parameter and execute arbitrary operating-system commands on the device. Successful exploitation grants limited read, write, and disruption capabilities on the affected camera, consistent with the reported impact metrics.

The listed references include a D-Link security bulletin page and a public GitHub repository documenting the issue; administrators should consult the vendor bulletin for any official firmware updates or configuration guidance. The associated EPSS score has remained flat at 0.0571 with no material increase since disclosure.

EU & UK References

Vulnerability details

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection (CWE-77) in exposed camera web/firmware interface directly enables remote code execution via Unix shell.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-29635Same vendor: Dlink
CVE-2025-69542Same vendor: Dlink
CVE-2026-4197Same vendor: Dlink
CVE-2025-25743Same vendor: Dlink
CVE-2026-2175Same vendor: Dlink
CVE-2026-2194Same vendor: Dlink
CVE-2026-2218Same vendor: Dlink
CVE-2026-2151Same vendor: Dlink
CVE-2026-8272Same vendor: Dlink
CVE-2025-10634Same vendor: Dlink

Affected Assets

dlink
dcs-932l firmware
2.18.01

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References