Details of VAR-202603-1886

ID

VAR-202603-1886

CVE

CVE-2026-4194

TITLE

D-Link Corporation of dnr-202l Multiple vulnerabilities in multiple products, including firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-008228

DESCRIPTION

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_set_wto of the file /cgi-bin/system_mgr.cgi. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used. D-Link of DNS-120 , DNR-202L , DNS-315L , DNS-320 , DNS-320L , DNS-320LW , DNS-321 , DNR-322L , DNS-323 , DNS-325 , DNS-326 , DNS-327L , DNR-326 , DNS-340L , DNS-343 , DNS-345 , DNS-726-4 , DNS-1100-4 , DNS-1200-05 , DNS-1550-04 (( 2026 Year 2 Moon 5 A vulnerability has been detected in the version up to [date]. The affected files are... Remote attacks are possible, and exploit code has already been made public.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-4194 // JVNDB: JVNDB-2026-008228

AFFECTED PRODUCTS

vendor:	dlink	model:	dns-327l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-1100-4	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-343	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-345	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dnr-326	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-1550-04	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-321	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-325	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-120	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-315l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-323	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-326	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-340l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-320l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-320lw	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-726-4	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dnr-202l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-322l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-1200-05	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-320	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	d link	model:	dns-315l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dnr-326	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dnr-202l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-322l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-345	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-320lw	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-326	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-343	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-321	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-327l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-1100-4	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-340l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-320l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-323	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-120	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-1200-05	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-726-4	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-320	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-1550-04	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-325	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-008228 // NVD: CVE-2026-4194

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2026-4194
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2026-4194
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2026-008228
value:	CRITICAL
Trust: 0.8

cna@vuldb.com:	CVE-2026-4194
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2026-008228
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2026-4194
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2026-4194
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2026-008228
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-008228 // NVD: CVE-2026-4194 // NVD: CVE-2026-4194

PROBLEMTYPE DATA

problemtype:	CWE-266	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Improper permission settings (CWE-266) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-008228 // NVD: CVE-2026-4194

PATCH

title:

Submit #769853

url:

https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_96/96.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-008228

EXTERNAL IDS

db:	NVD	id:	CVE-2026-4194	Trust: 2.6
db:	VULDB	id:	351106	Trust: 1.0
db:	JVNDB	id:	JVNDB-2026-008228	Trust: 0.8

sources: JVNDB: JVNDB-2026-008228 // NVD: CVE-2026-4194

REFERENCES

url:	https://www.dlink.com/	Trust: 1.8
url:	https://vuldb.com/?ctiid.351106	Trust: 1.0
url:	https://vuldb.com/?id.351106	Trust: 1.0
url:	https://vuldb.com/?submit.769853	Trust: 1.0
url:	https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_96/96.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-4194	Trust: 0.8

sources: JVNDB: JVNDB-2026-008228 // NVD: CVE-2026-4194

SOURCES

db:	JVNDB	id:	JVNDB-2026-008228
db:	NVD	id:	CVE-2026-4194

LAST UPDATE DATE

2026-03-25T22:52:34.390000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-008228	date:	2026-03-24T05:37:00
db:	NVD	id:	CVE-2026-4194	date:	2026-03-19T14:21:30.100

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-008228	date:	2026-03-24T00:00:00
db:	NVD	id:	CVE-2026-4194	date:	2026-03-16T14:20:03.150