PT-2026-29369 · D Link · Dns-327L+18

Ziyue Xie

Publicado

2026-03-31

Atualizado

2026-03-31

CVE-2026-5215

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 versions up to 20260205.

Description A flaw exists in the cgi get ipv6 function within the /cgi-bin/network mgr.cgi file, leading to improper access controls. The exploit is publicly available.

Recommendations Update the affected D-Link devices to a version later than 20260205.

Exploit

Correção

Improper Access Control

Incorrect Privilege Assignment

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-266

Identificadores relacionados

CVE-2026-5215

Produtos afetados

Dnr-202L

Dnr-322L

Dnr-326

Dns-1100-4

Dns-120

Dns-1200-05

Dns-1550-04

Dns-315L

Dns-320

Dns-320L

Dns-321

Dns-323

Dns-325

Dns-326

Dns-327L

Dns-340L

Dns-343

Dns-345

Dns-726-4

PT-2026-29369 · D Link · Dns-327L+18

CVE-2026-5215

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6