CVE-2015-2049

D-Link DCS-931L Firmware < 1.04 - Authenticated Remote Code Execution via File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-2049. PoCs published by Metasploit, Mike Baucom, Allen Harper, J. Rach, bcoles, including Metasploit module exploits/linux/http/dlink_dcs931l_upload.

AI-analyzed exploit summary This Metasploit module exploits a file upload vulnerability in D-Link DCS-931L network cameras, allowing authenticated users to overwrite system files and execute arbitrary commands. It uploads a payload, overwrites a system script to trigger execution, and restores the original script during cleanup.

Description

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappshardware
https://www.exploit-db.com/exploits/39192

This Metasploit module exploits a file upload vulnerability in D-Link DCS-931L network cameras, allowing authenticated users to overwrite system files and execute arbitrary commands. It uploads a payload, overwrites a system script to trigger execution, and restores the original script during cleanup.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: D-Link DCS-931L (firmware versions 1.01_B7, 1.04_B1)
Auth required
Prerequisites: Network access to the target device · Valid credentials (default: admin/blank)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Mike Baucom, Allen Harper, J. Rach, bcoles · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_dcs931l_upload.rb

This Metasploit module exploits a file upload vulnerability in D-Link DCS-931L cameras, allowing authenticated users to overwrite system files and execute arbitrary commands. It uploads a payload, overwrites a system script, and triggers execution via a POST request.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: D-Link DCS-931L (firmware versions 1.01_B7, 1.04_B1)
Auth required
Prerequisites: Network access to the target device · Valid credentials (default: admin/blank)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39192/
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/377348

Scores

EPSS 0.6667
EPSS Percentile 99.2%

Details

Status published
Products (1)
dlink/dcs-931l_firmware < 1.04
Published Feb 23, 2015
Tracked Since Feb 18, 2026