CVE-2026-4207

CVSS v3.1

6.3

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi device/cgi sms test/cgi firmware upload/cgi ntp time of the file /cgi-bin/system mgr.cgi. Executing a manipulation can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2026-4207

Affected Products

Dnr-202L

Dnr-322L

Dnr-326

Dns-1100-4

Dns-120

Dns-1200-05

Dns-1550-04

Dns-315L

Dns-320

Dns-320L

Dns-321

Dns-323

Dns-325

Dns-326

Dns-327L

Dns-340L

Dns-343

Dns-345

Dns-726-4

CVE-2026-4207

Weakness Enumeration

Related Identifiers

Affected Products

References · 11