CVE-2026-4210

Name of the Vulnerable Software and Affected Versions D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205

Description A security issue exists in D-Link devices due to a command injection flaw. The cgi tm set share function within the /cgi-bin/time machine.cgi file is susceptible to this issue. Manipulation of the Name argument can lead to command injection, allowing for remote attacks. The exploit for this issue has been publicly released.

Recommendations D-Link DNS-120: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-202L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-315L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320LW: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-321: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-322L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-323: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-325: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-327L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-340L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-343: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-345: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-726-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1100-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1200-05: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1550-04: Update to a version after 20260205.