cbcvebase.
CVE-2026-5212
published 2026-03-31

CVE-2026-5212: A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L…

high7.4CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEPCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function Webdav_Upload_File of the file /cgi-bin/webdav_mgr.cgi. The manipulation of the argument f_file leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

Affected

40 ranges· showing 25
VendorProductVersion rangeFixed in
d-linkdnr-202l
d-linkdnr-322l
d-linkdnr-326
d-linkdns-1100-4
d-linkdns-120
d-linkdns-1200-05
d-linkdns-1550-04
d-linkdns-315l
d-linkdns-320
d-linkdns-320l
d-linkdns-320lw
d-linkdns-321
d-linkdns-323
d-linkdns-325
d-linkdns-326
d-linkdns-327l
d-linkdns-340l
d-linkdns-343
d-linkdns-345
d-linkdns-726-4
dlinkdnr-202l_firmware<= 2026-02-05
dlinkdnr-326_firmware<= 2026-02-05
dlinkdns-1100-4_firmware<= 2026-02-05
dlinkdns-1200-05_firmware<= 2026-02-05
dlinkdns-120_firmware<= 2026-02-05