CVE-2026-5213

Name of the Vulnerable Software and Affected Versions D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205

Description A flaw exists that allows for remote manipulation of the read list argument within the cgi adduser to session function located in the /cgi-bin/account mgr.cgi file. This manipulation can lead to a stack-based buffer overflow. The exploit for this issue has been publicly disclosed.

Recommendations D-Link DNS-120 versions prior to 20260205 should be updated. D-Link DNR-202L versions prior to 20260205 should be updated. D-Link DNS-315L versions prior to 20260205 should be updated. D-Link DNS-320 versions prior to 20260205 should be updated. D-Link DNS-320L versions prior to 20260205 should be updated. D-Link DNS-320LW versions prior to 20260205 should be updated. D-Link DNS-321 versions prior to 20260205 should be updated. D-Link DNR-322L versions prior to 20260205 should be updated. D-Link DNS-323 versions prior to 20260205 should be updated. D-Link DNS-325 versions prior to 20260205 should be updated. D-Link DNS-326 versions prior to 20260205 should be updated. D-Link DNS-327L versions prior to 20260205 should be updated. D-Link DNR-326 versions prior to 20260205 should be updated. D-Link DNS-340L versions prior to 20260205 should be updated. D-Link DNS-343 versions prior to 20260205 should be updated. D-Link DNS-345 versions prior to 20260205 should be updated. D-Link DNS-726-4 versions prior to 20260205 should be updated. D-Link DNS-1100-4 versions prior to 20260205 should be updated. D-Link DNS-1200-05 versions prior to 20260205 should be updated. D-Link DNS-1550-04 versions prior to 20260205 should be updated.