CVE-2026-4210

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function cgi tm set share of the file /cgi-bin/time machine.cgi. The manipulation of the argument Name results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.