PT-2026-29369 · D Link · Dns-327L+18

Ziyue Xie

Published

2026-03-31

Updated

2026-03-31

CVE-2026-5215

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 versions up to 20260205.

Description A flaw exists in the cgi get ipv6 function within the /cgi-bin/network mgr.cgi file, leading to improper access controls. The exploit is publicly available.

Recommendations Update the affected D-Link devices to a version later than 20260205.

Exploit

Fix

Improper Access Control

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266

Related Identifiers

CVE-2026-5215

Affected Products

Dnr-202L

Dnr-322L

Dnr-326

Dns-1100-4

Dns-120

Dns-1200-05

Dns-1550-04

Dns-315L

Dns-320

Dns-320L

Dns-321

Dns-323

Dns-325

Dns-326

Dns-327L

Dns-340L

Dns-343

Dns-345

Dns-726-4

PT-2026-29369 · D Link · Dns-327L+18

CVE-2026-5215

Weakness Enumeration

Related Identifiers

Affected Products

References · 6