D Link · Dns-340L · CVE-2026-5211
**Name of the Vulnerable Software and Affected Versions**
D-Link DNS-120
D-Link DNR-202L
D-Link DNS-315L
D-Link DNS-320
D-Link DNS-320L
D-Link DNS-320LW
D-Link DNS-321
D-Link DNR-322L
D-Link DNS-323
D-Link DNS-325
D-Link DNS-326
D-Link DNS-327L
D-Link DNR-326
D-Link DNS-340L
D-Link DNS-343
D-Link DNS-345
D-Link DNS-726-4
D-Link DNS-1100-4
D-Link DNS-1200-05
D-Link DNS-1550-04
versions prior to 20260205
**Description**
A flaw exists that can lead to a stack-based buffer overflow. The issue is located in the `UPnP AV Server Path Del` function within the `/cgi-bin/app mgr.cgi` file. Manipulation of the `f dir` argument can trigger the overflow. This can be exploited remotely.
**Recommendations**
For D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04, update to a version after 20260205.