PT-2026-29599 · D Link · Dnr-202L+18
Ziyue Xie
·
Published
2026-04-01
·
Updated
2026-04-01
·
CVE-2026-5311
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav Access List of the file /cgi-bin/file center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Exploit
Fix
Improper Access Control
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dnr-202L
Dnr-322L
Dnr-326
Dns-1100-4
Dns-120
Dns-1200-05
Dns-1550-04
Dns-315L
Dns-320
Dns-320L
Dns-321
Dns-323
Dns-325
Dns-326
Dns-327L
Dns-340L
Dns-343
Dns-345
Dns-726-4