PT-2026-29368 · D Link · Dns-325+18
Ziyue Xie
·
Published
2026-03-31
·
Updated
2026-04-01
·
CVE-2026-5214
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DNS-120
D-Link DNR-202L
D-Link DNS-315L
D-Link DNS-320
D-Link DNS-320L
D-Link DNS-320LW
D-Link DNS-321
D-Link DNR-322L
D-Link DNS-323
D-Link DNS-325
D-Link DNS-326
D-Link DNS-327L
D-Link DNR-326
D-Link DNS-340L
D-Link DNS-343
D-Link DNS-345
D-Link DNS-726-4
D-Link DNS-1100-4
D-Link DNS-1200-05
D-Link DNS-1550-04
versions prior to 20260205
Description
A stack-based buffer overflow exists due to the manipulation of the
Name argument in the cgi addgroup get group quota minsize function located in the /cgi-bin/account mgr.cgi file. This allows for remote attacks. The exploit has been publicly released.Recommendations
For D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions prior to 20260205, update to a newer version.
Exploit
Fix
Buffer Overflow
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dnr-202L
Dnr-322L
Dnr-326
Dns-1100-4
Dns-120
Dns-1200-05
Dns-1550-04
Dns-315L
Dns-320
Dns-320L
Dns-321
Dns-323
Dns-325
Dns-326
Dns-327L
Dns-340L
Dns-343
Dns-345
Dns-726-4