Details of VAR-202604-0419

ID

VAR-202604-0419

CVE

CVE-2026-5311

TITLE

D-Link Corporation of dnr-202l Multiple vulnerabilities in multiple products, including firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-010317

DESCRIPTION

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. This vulnerability affects files. The method for exploiting the vulnerability has been made public and could be used to carry out attacks.There is a possibility that some of the information handled by the software may be leaked to the outside. However, the information handled by the software will not be rewritten. Furthermore, the software will not stop

Trust: 1.62

sources: NVD: CVE-2026-5311 // JVNDB: JVNDB-2026-010317

AFFECTED PRODUCTS

vendor:	dlink	model:	dnr-202l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-343	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-322l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dnr-326	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-320lw	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-320	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-1100-4	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-315l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-345	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-326	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-340l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-327l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-120	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-320l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-323	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-1200-05	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-321	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-325	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-1550-04	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-726-4	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	d link	model:	dns-726-4	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-340l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-315l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dnr-326	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-1550-04	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-325	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-343	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-345	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-322l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-323	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-320lw	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-1100-4	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-326	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-327l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-320	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-1200-05	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-320l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dnr-202l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-120	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-321	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-010317 // NVD: CVE-2026-5311

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2026-5311
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2026-010317
value:	MEDIUM
Trust: 0.8

cna@vuldb.com:	CVE-2026-5311
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2026-010317
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2026-5311
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-010317
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-010317 // NVD: CVE-2026-5311

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-266	Trust: 1.0
problemtype:	Improper permission settings (CWE-266) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-010317 // NVD: CVE-2026-5311

PATCH

title:

//vuldb.com/vuln/354640

url:

https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-010317

EXTERNAL IDS

db:	NVD	id:	CVE-2026-5311	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-010317	Trust: 0.8

sources: JVNDB: JVNDB-2026-010317 // NVD: CVE-2026-5311

REFERENCES

url:	https://www.dlink.com/	Trust: 1.8
url:	https://vuldb.com/vuln/354640/cti	Trust: 1.0
url:	https://vuldb.com/vuln/354640	Trust: 1.0
url:	https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_171/171.md	Trust: 1.0
url:	https://vuldb.com/submit/780441	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-5311	Trust: 0.8

sources: JVNDB: JVNDB-2026-010317 // NVD: CVE-2026-5311

SOURCES

db:	JVNDB	id:	JVNDB-2026-010317
db:	NVD	id:	CVE-2026-5311

LAST UPDATE DATE

2026-04-11T00:02:03.907000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-010317	date:	2026-04-09T01:41:00
db:	NVD	id:	CVE-2026-5311	date:	2026-04-07T15:43:56.293

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-010317	date:	2026-04-09T00:00:00
db:	NVD	id:	CVE-2026-5311	date:	2026-04-01T20:16:29.950