CVE-2026-4205: A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L…

low2.1CVSS 4.0

AVNACLATNPRLUINVCLVILVALSCNSINSANEPCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_refresh_db/FTP_Server_BlockIP_Add/FTP_Server_BlockIP_Del of the file /cgi-bin/app_mgr.cgi. Such manipulation leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Affected

40 ranges· showing 25

Vendor	Product	Version range	Fixed in
d-link	dnr-202l	—	—
d-link	dnr-322l	—	—
d-link	dnr-326	—	—
d-link	dns-1100-4	—	—
d-link	dns-120	—	—
d-link	dns-1200-05	—	—
d-link	dns-1550-04	—	—
d-link	dns-315l	—	—
d-link	dns-320	—	—
d-link	dns-320l	—	—
d-link	dns-320lw	—	—
d-link	dns-321	—	—
d-link	dns-323	—	—
d-link	dns-325	—	—
d-link	dns-326	—	—
d-link	dns-327l	—	—
d-link	dns-340l	—	—
d-link	dns-343	—	—
d-link	dns-345	—	—
d-link	dns-726-4	—	—
dlink	dnr-202l_firmware	<= 2026-02-05	—
dlink	dnr-326_firmware	<= 2026-02-05	—
dlink	dns-1100-4_firmware	<= 2026-02-05	—
dlink	dns-1200-05_firmware	<= 2026-02-05	—
dlink	dns-120_firmware	<= 2026-02-05	—