CVE-2026-4196

Name of the Vulnerable Software and Affected Versions D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205

Description A command injection issue exists in the cgi recovery/cgi backup now/cgi set schedule/cgi set rsync server function within the /cgi-bin/remote backup.cgi file. Remote attackers can manipulate this function to execute arbitrary commands. The exploit for this issue has been publicly disclosed.

Recommendations D-Link DNS-120: Update to a version beyond 20260205. D-Link DNR-202L: Update to a version beyond 20260205. D-Link DNS-315L: Update to a version beyond 20260205. D-Link DNS-320: Update to a version beyond 20260205. D-Link DNS-320L: Update to a version beyond 20260205. D-Link DNS-320LW: Update to a version beyond 20260205. D-Link DNS-321: Update to a version beyond 20260205. D-Link DNR-322L: Update to a version beyond 20260205. D-Link DNS-323: Update to a version beyond 20260205. D-Link DNS-325: Update to a version beyond 20260205. D-Link DNS-326: Update to a version beyond 20260205. D-Link DNS-327L: Update to a version beyond 20260205. D-Link DNR-326: Update to a version beyond 20260205. D-Link DNS-340L: Update to a version beyond 20260205. D-Link DNS-343: Update to a version beyond 20260205. D-Link DNS-345: Update to a version beyond 20260205. D-Link DNS-726-4: Update to a version beyond 20260205. D-Link DNS-1100-4: Update to a version beyond 20260205. D-Link DNS-1200-05: Update to a version beyond 20260205. D-Link DNS-1550-04: Update to a version beyond 20260205.