Sign-up

ID

VAR-202603-1477


CVE

CVE-2026-4205


TITLE

D-Link Corporation of dnr-202l  Multiple vulnerabilities in multiple products, including firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-008222

DESCRIPTION

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_refresh_db/FTP_Server_BlockIP_Add/FTP_Server_BlockIP_Del of the file /cgi-bin/app_mgr.cgi. Such manipulation leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. D-Link of DNS-120 , DNR-202L , DNS-315L , DNS-320 , DNS-320L , DNS-320LW , DNS-321 , DNR-322L , DNS-323 , DNS-325 , DNS-326 , DNS-327L , DNR-326 , DNS-340L , DNS-343 , DNS-345 , DNS-726-4 , DNS-1100-4 , DNS-1200-05 , DNS-1550-04 (( 2026 Year 2 Moon 5 A vulnerability has been discovered in the version up to [date]. The attack can be performed remotely, and the exploit is publicly available, making it vulnerable to abuse.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-4205 // JVNDB: JVNDB-2026-008222

AFFECTED PRODUCTS

vendor:dlinkmodel:dns-327lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-1100-4scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-343scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-345scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dnr-326scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-1550-04scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-321scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-325scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-120scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-315lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-323scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-326scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-340lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-320lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-320lwscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-726-4scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dnr-202lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-322lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-1200-05scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-320scope:lteversion:2026-02-05

Trust: 1.0

vendor:d linkmodel:dns-315lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dnr-326scope: - version: -

Trust: 0.8

vendor:d linkmodel:dnr-202lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-322lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-345scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320lwscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-326scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-343scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-321scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-327lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1100-4scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-340lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-323scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-120scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1200-05scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-726-4scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1550-04scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-325scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-008222 // NVD: CVE-2026-4205

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-4205
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-4205
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-008222
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2026-4205
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-008222
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-4205
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-4205
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-008222
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-008222 // NVD: CVE-2026-4205 // NVD: CVE-2026-4205

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-008222 // NVD: CVE-2026-4205

PATCH

title:D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injectionurl:https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_131/131.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-008222

EXTERNAL IDS

db:NVDid:CVE-2026-4205

Trust: 2.6

db:VULDBid:351117

Trust: 1.0

db:JVNDBid:JVNDB-2026-008222

Trust: 0.8

sources: JVNDB: JVNDB-2026-008222 // NVD: CVE-2026-4205

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?submit.770412

Trust: 1.0

url:https://vuldb.com/?submit.770411

Trust: 1.0

url:https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_132/132.md

Trust: 1.0

url:https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_131/131.md

Trust: 1.0

url:https://vuldb.com/?ctiid.351117

Trust: 1.0

url:https://vuldb.com/?id.351117

Trust: 1.0

url:https://vuldb.com/?submit.770410

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-4205

Trust: 0.8

sources: JVNDB: JVNDB-2026-008222 // NVD: CVE-2026-4205

SOURCES

db:JVNDBid:JVNDB-2026-008222
db:NVDid:CVE-2026-4205

LAST UPDATE DATE

2026-03-25T19:43:47.126000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-008222date:2026-03-24T05:37:00
db:NVDid:CVE-2026-4205date:2026-03-19T14:24:13.550

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-008222date:2026-03-24T00:00:00
db:NVDid:CVE-2026-4205date:2026-03-16T14:20:05.900