CVE-2026-4209
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Description
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_import_users/cgi_user_batch_create/cgi_user_set_quota/cgi_user_del/cgi_user_modify/cgi_group_set_quota/cgi_group_modify/cgi_group_add/cgi_user_add/cgi_get_modify_group_info/cgi_chg_admin_pw of the file /cgi-bin/account_mgr.cgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-74
Source
NVD
Vendor
dlink
Product
dnr-202l_firmware
External References
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_148/148.md
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_149/149.md
- https://vuldb.com/?ctiid.351120
- https://vuldb.com/?id.351120
- https://vuldb.com/?submit.770429
- https://vuldb.com/?submit.770430
- https://vuldb.com/?submit.770431
- https://vuldb.com/?submit.770432
- https://vuldb.com/?submit.770433
- https://vuldb.com/?submit.770434
- https://vuldb.com/?submit.770435
- https://vuldb.com/?submit.770436
- https://vuldb.com/?submit.770437
- https://vuldb.com/?submit.770438
- https://www.dlink.com/
Discussion (0)
Add Comment
No comments yet. Be the first!