PT-2026-29347 · D Link · Dns-726-4+18
Ziyue Xie
·
Published
2026-03-31
·
Updated
2026-04-01
·
CVE-2026-5212
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DNS-120
D-Link DNR-202L
D-Link DNS-315L
D-Link DNS-320
D-Link DNS-320L
D-Link DNS-320LW
D-Link DNS-321
D-Link DNR-322L
D-Link DNS-323
D-Link DNS-325
D-Link DNS-326
D-Link DNS-327L
D-Link DNR-326
D-Link DNS-340L
D-Link DNS-343
D-Link DNS-345
D-Link DNS-726-4
D-Link DNS-1100-4
D-Link DNS-1200-05
D-Link DNS-1550-04
versions prior to 20260205
Description
A stack-based buffer overflow issue exists in the
Webdav Upload File function located in the /cgi-bin/webdav mgr.cgi file. The issue is triggered by manipulating the f file argument. This allows for remote exploitation. The exploit has been publicly disclosed.Recommendations
Update devices to the latest firmware version available.
Exploit
Fix
Stack Overflow
Buffer Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dnr-202L
Dnr-322L
Dnr-326
Dns-1100-4
Dns-120
Dns-1200-05
Dns-1550-04
Dns-315L
Dns-320
Dns-320L
Dns-321
Dns-323
Dns-325
Dns-326
Dns-327L
Dns-340L
Dns-343
Dns-345
Dns-726-4