Sign-up

ID

VAR-202603-5607


CVE

CVE-2026-5213


TITLE

D-Link Corporation of dnr-202l  Multiple vulnerabilities in multiple products, including firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-009894

DESCRIPTION

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_adduser_to_session of the file /cgi-bin/account_mgr.cgi. This manipulation of the argument read_list causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. D-Link of DNS-120 , DNR-202L , DNS-315L , DNS-320 , DNS-320L , DNS-320LW , DNS-321 , DNR-322L , DNS-323 , DNS-325 , DNS-326 , DNS-327L , DNR-326 , DNS-340L , DNS-343 , DNS-345 , DNS-726-4 , DNS-1100-4 , DNS-1200-05 and DNS-1550-04 (( 2026 Year 2 Moon 5 The vulnerability was identified on [date]. This exploit is public and can be exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5213 // JVNDB: JVNDB-2026-009894

AFFECTED PRODUCTS

vendor:dlinkmodel:dns-321scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-345scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-326scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-320lwscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-1550-04scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-320scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-325scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-726-4scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-1200-05scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-343scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-327lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dnr-326scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-340lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-322lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-1100-4scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dnr-202lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-315lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-120scope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-320lscope:lteversion:2026-02-05

Trust: 1.0

vendor:dlinkmodel:dns-323scope:lteversion:2026-02-05

Trust: 1.0

vendor:d linkmodel:d-link dns-320lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-327lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-315lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-321scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-322lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-325scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-343scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1200-05scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-323scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1100-4scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-340lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320lwscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-326scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1550-04scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-120scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dnr-326scope: - version: -

Trust: 0.8

vendor:d linkmodel:dnr-202lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-726-4scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-345scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-009894 // NVD: CVE-2026-5213

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-5213
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-009894
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-5213
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-009894
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-5213
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-009894
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-009894 // NVD: CVE-2026-5213

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-009894 // NVD: CVE-2026-5213

PATCH

title://vuldb.com/vuln/354350url:https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_168/168.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-009894

EXTERNAL IDS

db:NVDid:CVE-2026-5213

Trust: 2.6

db:JVNDBid:JVNDB-2026-009894

Trust: 0.8

sources: JVNDB: JVNDB-2026-009894 // NVD: CVE-2026-5213

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/vuln/354350/cti

Trust: 1.0

url:https://vuldb.com/submit/780437

Trust: 1.0

url:https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_168/168.md

Trust: 1.0

url:https://vuldb.com/vuln/354350

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-5213

Trust: 0.8

sources: JVNDB: JVNDB-2026-009894 // NVD: CVE-2026-5213

SOURCES

db:JVNDBid:JVNDB-2026-009894
db:NVDid:CVE-2026-5213

LAST UPDATE DATE

2026-04-07T23:34:32.486000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-009894date:2026-04-06T02:55:00
db:NVDid:CVE-2026-5213date:2026-04-02T17:15:28.163

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-009894date:2026-04-06T00:00:00
db:NVDid:CVE-2026-5213date:2026-03-31T21:16:34.167