CVE-2026-1532: Path Traversal in D-Link DCS-700L
A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2026-1532 identifies a path traversal vulnerability in the D-Link DCS-700L IP camera firmware version 1.03.09. The vulnerability resides in the Music File Upload Service component, specifically in the uploadmusic function accessed via the /setUploadMusic endpoint. By manipulating the UploadMusic argument, an attacker can perform directory traversal attacks, potentially accessing or modifying files outside the intended directory scope. The attack vector is limited to local network access, requiring the attacker to have high privileges on the device (as indicated by the CVSS vector PR:H). No user interaction is necessary, and the vulnerability impacts confidentiality and integrity with low scope change. The device is no longer supported by the vendor, and no official patches are available. Although no known exploits are currently observed in the wild, a public exploit exists, increasing the risk of exploitation in environments where these devices remain deployed. The vulnerability score of 4.8 (medium) reflects the limited attack vector and required privileges but acknowledges the potential impact on device security. This vulnerability could allow attackers to access sensitive configuration files or inject malicious files, undermining device operation and network security.
Potential Impact
The primary impact of CVE-2026-1532 is unauthorized access to or modification of files on the affected D-Link DCS-700L device. This could lead to compromise of device integrity, exposure of sensitive configuration or credential files, and potential pivoting within the local network. Since the device is an IP camera, attackers might leverage this vulnerability to disrupt video surveillance, disable security monitoring, or use the device as a foothold for further attacks. The requirement for local network access and high privileges limits the scope of exploitation but does not eliminate risk in environments where network segmentation is weak or where attackers have gained internal access. The lack of vendor support and patches increases the risk for organizations still operating these legacy devices, as vulnerabilities remain unmitigated. Overall, this vulnerability could degrade the confidentiality and integrity of surveillance data and network security posture.
Mitigation Recommendations
Given the absence of vendor patches, organizations should implement compensating controls to mitigate this vulnerability. First, isolate the affected D-Link DCS-700L devices on a dedicated VLAN or network segment with strict access controls to limit local network exposure. Employ network access control (NAC) solutions to restrict device communication only to trusted hosts. Disable or restrict access to the Music File Upload Service if possible, or monitor traffic to the /setUploadMusic endpoint for suspicious activity. Replace unsupported devices with newer, supported models that receive security updates. Regularly audit network devices for legacy hardware and remove or upgrade vulnerable equipment. Additionally, implement strong authentication and privilege management on the local network to prevent unauthorized users from gaining the high privileges required to exploit this vulnerability. Continuous monitoring and intrusion detection systems can help identify exploitation attempts within the local network.
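One way to implement the suggested monitoring of the /setUploadMusic endpoint, as an added example that is not part of the original advisory or any vendor tooling. It assumes a proxy or network sensor in front of the cameras writes Common Log Format lines and that the UploadMusic argument is visible in the request target (the advisory does not state how the argument is transmitted); the log lines, addresses and file names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/setUploadMusic"  # endpoint named in the advisory
PARAM = "UploadMusic"         # argument named in the advisory

# Constructed sample lines (assumed Common Log Format from a proxy or sensor).
SAMPLE_LOG = """\
192.0.2.10 - admin [28/Jan/2026:10:00:01 +0000] "POST /setUploadMusic?UploadMusic=lullaby.mp3 HTTP/1.1" 200 12
192.0.2.23 - admin [28/Jan/2026:10:02:17 +0000] "POST /setUploadMusic?UploadMusic=..%2F..%2Fetc%2Fexample.conf HTTP/1.1" 200 12
192.0.2.23 - admin [28/Jan/2026:10:02:19 +0000] "POST /setUploadMusic?UploadMusic=%252e%252e%252ftmp%252fx HTTP/1.1" 200 12
192.0.2.10 - admin [28/Jan/2026:10:05:40 +0000] "GET /index.html?UploadMusic=../x HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the file name escapes its directory: '..' segment, absolute path or NUL."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v or v.startswith("/"):
        return True
    return ".." in v.split("/")

def scan(log_text):
    """Return one alert per request to ENDPOINT whose PARAM value looks like traversal."""
    alerts = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        src, ts, _method, target, _status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/") != ENDPOINT:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == PARAM and is_traversal(value):
                alerts.append({"src": src, "time": ts, "value": fully_decode(value)})
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

If the argument travels in a request body instead, the same `is_traversal` check applies to the decoded file name field once the sensor exposes it.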
Affected Countries
United States, Germany, United Kingdom, Japan, South Korea, Australia, Canada, France, Brazil, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-28T13:28:05.800Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 697a76b14623b1157cee2bdc
Added to database: 1/28/2026, 8:50:57 PM
Last enriched: 2/23/2026, 10:32:00 PM
Last updated: 3/25/2026, 3:19:17 AM