CVE-2026-5215

CVSS v3.1

4.3

Medium

AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi get ipv6 of the file /cgi-bin/network mgr.cgi. Such manipulation leads to improper access controls. The exploit is publicly available and might be used.

Exploit

Fix

Incorrect Privilege Assignment

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-284

Related Identifiers

CVE-2026-5215

Affected Products

Dnr-202L

Dnr-322L

Dnr-326

Dns-1100-4

Dns-120

Dns-1200-05

Dns-1550-04

Dns-315L

Dns-320

Dns-320L

Dns-321

Dns-323

Dns-325

Dns-326

Dns-327L

Dns-340L

Dns-343

Dns-345

Dns-726-4

CVE-2026-5215

Weakness Enumeration

Related Identifiers

Affected Products

References · 6