PT-2026-29337 · D Link · Dns-340L+18

Ziyue Xie

Published

2026-03-31

Updated

2026-04-09

CVE-2026-5211

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205

Description A flaw exists that can lead to a stack-based buffer overflow. The issue is located in the UPnP AV Server Path Del function within the /cgi-bin/app mgr.cgi file. Manipulation of the f dir argument can trigger the overflow. This can be exploited remotely.

Recommendations For D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04, update to a version after 20260205.

Exploit

Fix

Stack Overflow

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787CWE-119

Related Identifiers

CVE-2026-5211

Affected Products

Dnr-202L

Dnr-322L

Dnr-326

Dns-1100-4

Dns-120

Dns-1200-05

Dns-1550-04

Dns-315L

Dns-320

Dns-320L

Dns-321

Dns-323

Dns-325

Dns-326

Dns-327L

Dns-340L

Dns-343

Dns-345

Dns-726-4

PT-2026-29337 · D Link · Dns-340L+18

CVE-2026-5211

Weakness Enumeration

Related Identifiers

Affected Products

References · 9