CVE-2026-4212

Name of the Vulnerable Software and Affected Versions D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 versions prior to 20260205

Description A security issue has been identified in multiple D-Link Network Attached Storage (NAS) devices. The Downloads Schedule Info function within the /cgi-bin/download mgr.cgi file is susceptible to a stack-based buffer overflow. This manipulation can be exploited remotely. The exploit for this issue has been publicly disclosed.

Recommendations D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205