← Back to CVEs

CVE-2026-1532

LOW

2.4

Description

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVE Details

CVSS v3.1 Score2.4

SeverityLOW

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionNONE

Published1/28/2026

Last Modified2/5/2026

Sourcenvd

Honeypot Sightings0

Affected Products

dlink:dcs-700ldlink:dcs-700l_firmware

Weaknesses (CWE)

CWE-22

References

https://tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Path-Traversal-Vulnerability-in-Music-File-Upload-2e8b5c52018a80369553f07ab91aabe2?source=copy_link(cna@vuldb.com)

https://vuldb.com/?ctiid.343218(cna@vuldb.com)

https://vuldb.com/?id.343218(cna@vuldb.com)

https://vuldb.com/?submit.738693(cna@vuldb.com)

https://www.dlink.com/(cna@vuldb.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.