PT-2026-25587 · D Link · Dnr-202L+38
Bond_Yes
·
Published
2026-03-16
·
Updated
2026-03-16
·
CVE-2026-4206
CVSS v3.1
9.8
Critical
| AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DNS-120
D-Link DNR-202L
D-Link DNS-315L
D-Link DNS-320
D-Link DNS-320L
D-Link DNS-320LW
D-Link DNS-321
D-Link DNR-322L
D-Link DNS-323
D-Link DNS-325
D-Link DNS-326
D-Link DNS-327L
D-Link DNR-326
D-Link DNS-340L
D-Link DNS-343
D-Link DNS-345
D-Link DNS-726-4
D-Link DNS-1100-4
D-Link DNS-1200-05
D-Link DNS-1550-04 versions prior to 20260205
Description
A flaw exists that allows for command injection. This occurs through manipulation of the
/cgi-bin/dsk mgr.cgi file, specifically within the FMT rebuild diskmgr, FMT create diskmgr, and ScanDisk run e2fsck functions. The attack can be carried out remotely. The exploit for this issue has been publicly released.Recommendations
D-Link DNS-120: Update to a version after 20260205.
D-Link DNR-202L: Update to a version after 20260205.
D-Link DNS-315L: Update to a version after 20260205.
D-Link DNS-320: Update to a version after 20260205.
D-Link DNS-320L: Update to a version after 20260205.
D-Link DNS-320LW: Update to a version after 20260205.
D-Link DNS-321: Update to a version after 20260205.
D-Link DNR-322L: Update to a version after 20260205.
D-Link DNS-323: Update to a version after 20260205.
D-Link DNS-325: Update to a version after 20260205.
D-Link DNS-326: Update to a version after 20260205.
D-Link DNS-327L: Update to a version after 20260205.
D-Link DNR-326: Update to a version after 20260205.
D-Link DNS-340L: Update to a version after 20260205.
D-Link DNS-343: Update to a version after 20260205.
D-Link DNS-345: Update to a version after 20260205.
D-Link DNS-726-4: Update to a version after 20260205.
D-Link DNS-1100-4: Update to a version after 20260205.
D-Link DNS-1200-05: Update to a version after 20260205.
D-Link DNS-1550-04: Update to a version after 20260205.
Exploit
Fix
Command Injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dnr-202L
Dnr-322L
Dnr-326
Dns-1100-4
Dns-120
Dns-1200-05
Dns-1550-04
Dns-315L
Dns-320
Dns-320L
Dns-321
Dns-323
Dns-325
Dns-326
Dns-327L
Dns-340L
Dns-343
Dns-345
Dns-726-4
Dnr-202L Firmware
Dnr-326 Firmware
Dns-1100-4 Firmware
Dns-1200-05 Firmware
Dns-120 Firmware
Dns-1550-04 Firmware
Dns-315L Firmware
Dns-320 Firmware
Dns-320L Firmware
Dns-320Lw Firmware
Dns-321 Firmware
Dns-322L Firmware
Dns-323 Firmware
Dns-325 Firmware
Dns-326 Firmware
Dns-327L Firmware
Dns-340L Firmware
Dns-343 Firmware
Dns-345 Firmware
Dns-726-4 Firmware