Details of VAR-202604-0545

ID

VAR-202604-0545

CVE

CVE-2026-5312

TITLE

D-Link Corporation of dnr-202l Multiple vulnerabilities in multiple products, including firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-010316

DESCRIPTION

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. D-Link of DNS-120 , DNR-202L , DNS-315L , DNS-320 , DNS-320L , DNS-320LW , DNS-321 , DNR-322L , DNS-323 , DNS-325 , DNS-326 , DNS-327L , DNR-326 , DNS-340L , DNS-343 , DNS-345 , DNS-726-4 , DNS-1100-4 , DNS-1200-05 and DNS-1550-04 (( 2026 Year 2 Moon 5 A vulnerability was identified (up to [date]). Exploits for this vulnerability are publicly available and could be used to attack.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, part of the software may stop functioning. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5312 // JVNDB: JVNDB-2026-010316

AFFECTED PRODUCTS

vendor:	dlink	model:	dnr-202l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-343	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-322l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dnr-326	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-320lw	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-320	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-1100-4	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-315l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-345	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-326	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-340l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-327l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-320l	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-323	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-120	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-1200-05	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-321	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-325	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-1550-04	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	dlink	model:	dns-726-4	scope:	lte	version:	2026-02-05	Trust: 1.0
vendor:	d link	model:	dns-726-4	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-340l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-315l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dnr-326	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-1550-04	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-325	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-343	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-345	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-322l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-323	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-320lw	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-1100-4	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-326	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-327l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-320	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-1200-05	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dns-320l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dnr-202l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-120	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dns-321	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-010316 // NVD: CVE-2026-5312

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2026-5312
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2026-010316
value:	MEDIUM
Trust: 0.8

cna@vuldb.com:	CVE-2026-5312
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2026-010316
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2026-5312
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-010316
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-010316 // NVD: CVE-2026-5312

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-266	Trust: 1.0
problemtype:	Improper permission settings (CWE-266) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-010316 // NVD: CVE-2026-5312

PATCH

title:

https

url:

https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-010316

EXTERNAL IDS

db:	NVD	id:	CVE-2026-5312	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-010316	Trust: 0.8

sources: JVNDB: JVNDB-2026-010316 // NVD: CVE-2026-5312

REFERENCES

url:	https://www.dlink.com/	Trust: 1.8
url:	https://vuldb.com/submit/780442	Trust: 1.0
url:	https://vuldb.com/vuln/354641	Trust: 1.0
url:	https://vuldb.com/submit/780443	Trust: 1.0
url:	https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_172/172.md	Trust: 1.0
url:	https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_173/173.md	Trust: 1.0
url:	https://vuldb.com/vuln/354641/cti	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-5312	Trust: 0.8

sources: JVNDB: JVNDB-2026-010316 // NVD: CVE-2026-5312

SOURCES

db:	JVNDB	id:	JVNDB-2026-010316
db:	NVD	id:	CVE-2026-5312

LAST UPDATE DATE

2026-04-11T00:02:03.860000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-010316	date:	2026-04-09T01:41:00
db:	NVD	id:	CVE-2026-5312	date:	2026-04-07T15:42:59.280

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-010316	date:	2026-04-09T00:00:00
db:	NVD	id:	CVE-2026-5312	date:	2026-04-01T21:17:03.613