Overview
The DCS-700L, as well as DCS-7xxL and DCS-8xxL "Baby Camera" models are legacy EOL/EOS devices. All models and all hardware revisions have reached End of Life (EOL) and End of Service Life (EOS).
D-Link US and Canada recommends retiring and replacing devices that have reached EOL or EOS. These products no longer receive technical support, firmware updates, or security remediation.
As a general policy, once a product reaches EOS or EOL, all firmware development stops. Review the information and recommendations below before continuing to use these devices.
Third-Party Report Information
Report 1: CVE-2026-1419
Reference: Public vulnerability databases such as NVD : Link
Title: D-Link DCS700L Web Form setDayNightMode command injection
CWE:
CWE-77: Command Injection : Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-74: Injection: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS Scores
Public vulnerability databases list this issue with elevated severity due to network-accessible attack vectors and insufficient input validation.
Report 2: CVE-2026-1532
Reference: Public vulnerability databases such as NVD : Link
Title: D-Link DCS-700L Music File Upload Service setUploadMusic uploadmusic path traversal
CWE:
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS Scores
Public vulnerability databases list this issue with elevated severity due to network-accessible attack vectors and insufficient input validation.
Note:
This CVE appears in public vulnerability databases. The affected devices have reached EOL and EOS. Product resources have been discontinued and no longer receive support. D-Link Systems, Inc. recommends retiring these products and replacing them with supported models.
Description
CVE-2026-1419 :A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. No remediation is available due to product lifecycle status.
CVE-2026-1532: A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal.
Awareness Reported by
CISA Vulnerability Summary for the Week of January 26, 2026
Affected Products and Firmware Status
DCS-700L
- Hardware Revision: All
- Affected Versions: v1.03.09 and earlier
- End of Support and End of Life: 02/01/2016
- Status: EOL and EOS : Link
Reports affecting older or legacy firmware are not accepted. EOL and EOS status means support and service have ended, and no security updates will be released.
Affected Models Summary
|
Model
|
Region
|
Hardware Revision
|
End of Support
|
Legacy Website
|
Last Updated
|
|
DCS-700L
|
Worldwide
|
All
|
02/01/2016
|
Yes(Link)
|
02/03/2026
|
Recommendations for End of Support and End of Life Products
D-Link periodically designates products as EOS or EOL due to technology changes, market demand, or lifecycle maturity. Products in this status should be replaced with newer models offering improved functionality and active support.
Guidance for US and Canada Consumers
- Products that have reached EOS or EOL no longer receive technical support, firmware updates, or security remediation.
- Continued use of EOL and EOS products increases security risk to connected networks and devices.
- D-Link strongly advises discontinuing use of these products.
Security Reports for EOL and EOS Devices
- D-Link does not accept or validate vulnerability reports for EOL or EOS products.
- No firmware updates or hotfixes will be released.
- The last available firmware appears on the legacy site for reference only:
https://legacy.us.dlink.com/
- Continued use of EOL or EOS devices occurs at the user’s own risk.