Sign-up

ID

VAR-202603-1532


CVE

CVE-2026-4209


TITLE

D-Link Corporation of dnr-202l  Multiple vulnerabilities in multiple products, including firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-008219

DESCRIPTION

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_import_users/cgi_user_batch_create/cgi_user_set_quota/cgi_user_del/cgi_user_modify/cgi_group_set_quota/cgi_group_modify/cgi_group_add/cgi_user_add/cgi_get_modify_group_info/cgi_chg_admin_pw of the file /cgi-bin/account_mgr.cgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. D-Link of DNS-120 , DNR-202L , DNS-315L , DNS-320 , DNS-320L , DNS-320LW , DNS-321 , DNR-322L , DNS-323 , DNS-325 , DNS-326 , DNS-327L , DNR-326 , DNS-340L , DNS-343 , DNS-345 , DNS-726-4 , DNS-1100-4 , DNS-1200-05 and DNS-1550-04 (( 2026 Year 2 Moon 5 A vulnerability was discovered (up to [date]). The affected files are: /cgi-bin/account_mgr.cgi Functions in cgi_create_import_users , cgi_user_batch_create , cgi_user_set_quota , cgi_user_del , cgi_user_modify , cgi_group_set_quota , cgi_group_modify , cgi_group_add , cgi_user_add , cgi_get_modify_group_info , cgi_chg_admin_pw This operation results in command injection. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-4209 // JVNDB: JVNDB-2026-008219

AFFECTED PRODUCTS

vendor:dlinkmodel:dns-327lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-1100-4scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-343scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-345scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dnr-326scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-1550-04scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-321scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-325scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-120scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-315lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-323scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-326scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-340lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-320lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-320lwscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-726-4scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dnr-202lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-322lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-1200-05scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-320scope:lteversion:2026-02-05

Trust: 1.0

vendor:d linkmodel:dns-315lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dnr-326scope: - version: -

Trust: 0.8

vendor:d linkmodel:dnr-202lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-322lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-345scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320lwscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-326scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-343scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-321scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-327lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1100-4scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-340lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-323scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-120scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1200-05scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-726-4scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1550-04scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-325scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-008219 // NVD: CVE-2026-4209

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-4209
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-4209
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-008219
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2026-4209
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-008219
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-4209
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-4209
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-008219
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-008219 // NVD: CVE-2026-4209 // NVD: CVE-2026-4209

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-008219 // NVD: CVE-2026-4209

PATCH

title:CVE-2026-4209 D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injectionurl:https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_148/148.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-008219

EXTERNAL IDS

db:NVDid:CVE-2026-4209

Trust: 2.6

db:VULDBid:351120

Trust: 1.0

db:JVNDBid:JVNDB-2026-008219

Trust: 0.8

sources: JVNDB: JVNDB-2026-008219 // NVD: CVE-2026-4209

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_149/149.md

Trust: 1.0

url:https://vuldb.com/?submit.770438

Trust: 1.0

url:https://vuldb.com/?submit.770430

Trust: 1.0

url:https://vuldb.com/?submit.770436

Trust: 1.0

url:https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_148/148.md

Trust: 1.0

url:https://vuldb.com/?submit.770434

Trust: 1.0

url:https://vuldb.com/?id.351120

Trust: 1.0

url:https://vuldb.com/?submit.770431

Trust: 1.0

url:https://vuldb.com/?submit.770432

Trust: 1.0

url:https://vuldb.com/?submit.770437

Trust: 1.0

url:https://vuldb.com/?submit.770429

Trust: 1.0

url:https://vuldb.com/?ctiid.351120

Trust: 1.0

url:https://vuldb.com/?submit.770433

Trust: 1.0

url:https://vuldb.com/?submit.770435

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-4209

Trust: 0.8

sources: JVNDB: JVNDB-2026-008219 // NVD: CVE-2026-4209

SOURCES

db:JVNDBid:JVNDB-2026-008219
db:NVDid:CVE-2026-4209

LAST UPDATE DATE

2026-03-25T22:54:32.842000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-008219date:2026-03-24T05:37:00
db:NVDid:CVE-2026-4209date:2026-03-19T14:27:04.337

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-008219date:2026-03-24T00:00:00
db:NVDid:CVE-2026-4209date:2026-03-16T14:20:06.803