cbcvebase.
CVE-2026-4209
published 2026-03-16

CVE-2026-4209: A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L…

low2.1CVSS 4.0
AVNACLATNPRLUINVCLVILVALSCNSINSANEPCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_import_users/cgi_user_batch_create/cgi_user_set_quota/cgi_user_del/cgi_user_modify/cgi_group_set_quota/cgi_group_modify/cgi_group_add/cgi_user_add/cgi_get_modify_group_info/cgi_chg_admin_pw of the file /cgi-bin/account_mgr.cgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Affected

40 ranges· showing 25
VendorProductVersion rangeFixed in
d-linkdnr-202l
d-linkdnr-322l
d-linkdnr-326
d-linkdns-1100-4
d-linkdns-120
d-linkdns-1200-05
d-linkdns-1550-04
d-linkdns-315l
d-linkdns-320
d-linkdns-320l
d-linkdns-320lw
d-linkdns-321
d-linkdns-323
d-linkdns-325
d-linkdns-326
d-linkdns-327l
d-linkdns-340l
d-linkdns-343
d-linkdns-345
d-linkdns-726-4
dlinkdnr-202l_firmware<= 2026-02-05
dlinkdnr-326_firmware<= 2026-02-05
dlinkdns-1100-4_firmware<= 2026-02-05
dlinkdns-1200-05_firmware<= 2026-02-05
dlinkdns-120_firmware<= 2026-02-05