A vulnerability labeled as critical has been found in D-Link DCS-935L 1.10.01 . This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler . Such manipulation of the argument UID leads to os command injection. This vulnerability is uniquely identified as CVE-2026-13545 . The attack can be launched remotely. Moreover, an exploit is present.