CVE-2026-1532 MEDIUM

CVE-2026-1532: D-Link DCS-700L Music File Upload Service setUploadMusic uploadmusic path traversal

Vendor D-Link
Product DCS-700L
Weakness CWE-22 · Path traversal
Published January 28, 2026
Last update February 23, 2026

CVSS base score

4.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

January 28, 2026 CVE published
February 23, 2026 Record updated

Related vulnerabilities

04Related CVE