CVE-2016-11021

HIGH KEV

Dlink Dcs-930l Firmware < 2.12 - OS Command Injection

Title source: rule

Description

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/39437
metasploit WORKING POC EXCELLENT
by Nicholas Starke <[email protected]> · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_dcs_930l_authenticated_remote_command_execution.rb

References (2)

Scores

CVSS v3 7.2
EPSS 0.9125
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25
VulnCheck KEV 2021-11-11
InTheWild.io 2022-03-25
ENISA EUVD EUVD-2016-2012
CWE
CWE-78
Status published
Products (1)
dlink/dcs-930l_firmware < 2.12
Published Mar 09, 2020
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026