Description
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file /cgi-bin/wizard_mgr.cgi. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.
Published: 2026-03-15
Score: 5.3 Medium
EPSS: 3.5% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from a command injection flaw in the unknown "wizard_mgr.cgi" function exposed via the /cgi-bin path on affected D-Link devices. A malicious actor can send a crafted HTTP request to the wizard_mgr.cgi endpoint and cause the device to execute arbitrary shell commands. The injection weakness is identified as CWE-74 (Command Injection: Argument) and CWE-77 (Command Injection: OS Command injection). Successful exploitation permits an attacker to read, modify, or delete data on the device, potentially leading to full device compromise, unauthorized network access, or service disruption. The CVSS score of 5.3 reflects a moderate severity, indicating significant impact when exploited.

Affected Systems

The flaw affects multiple D-Link models, specifically: DNR-202L, DNR-322L, DNR-326, DNS-1100-4, DNS-120, DNS-1200-05, DNS-1550-04, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNS-323, DNS-325, DNS-326, DNS-327L, DNS-340L, DNS-343, DNS-345, and DNS-726-4. These devices are vulnerable when running firmware versions up to the release dated 20260205. No precise version range is provided; all devices listed are considered affected until a patch is applied.

Risk and Exploitability

The overall risk is moderate, reflected by the CVSS score of 5.3, with a low EPSS probability (3%) suggesting limited observed exploitation. However, the vulnerability is not listed in the CISA KEV catalog, yet published exploit code is available online. Attackers can exploit the flaw remotely over the network by issuing HTTP requests that trigger the wizard_mgr.cgi script, without requiring user interaction. Given the public availability of the exploit and the potential for complete device compromise, the recommended approach is to apply the vendor’s firmware update immediately to mitigate the risk.

Generated by OpenCVE AI on June 18, 2026 at 10:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from the D-Link official website to all affected devices.
  • Block or restrict external access to the /cgi-bin/wizard_mgr.cgi endpoint using a firewall or ACL until the devices can be updated.
  • Enable and review system logs for evidence of command injection activity to detect exploitation attempts.

Generated by OpenCVE AI on June 18, 2026 at 10:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dnr-202l
Dlink dnr-202l Firmware
Dlink dnr-326
Dlink dnr-326 Firmware
Dlink dns-1100-4
Dlink dns-1100-4 Firmware
Dlink dns-120
Dlink dns-1200-05
Dlink dns-1200-05 Firmware
Dlink dns-120 Firmware
Dlink dns-1550-04
Dlink dns-1550-04 Firmware
Dlink dns-315l
Dlink dns-315l Firmware
Dlink dns-320
Dlink dns-320 Firmware
Dlink dns-320l
Dlink dns-320l Firmware
Dlink dns-320lw
Dlink dns-320lw Firmware
Dlink dns-321
Dlink dns-321 Firmware
Dlink dns-322l
Dlink dns-322l Firmware
Dlink dns-323
Dlink dns-323 Firmware
Dlink dns-325
Dlink dns-325 Firmware
Dlink dns-326
Dlink dns-326 Firmware
Dlink dns-327l
Dlink dns-327l Firmware
Dlink dns-340l
Dlink dns-340l Firmware
Dlink dns-343
Dlink dns-343 Firmware
Dlink dns-345
Dlink dns-345 Firmware
Dlink dns-726-4
Dlink dns-726-4 Firmware
CPEs cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dnr-202l
Dlink dnr-202l Firmware
Dlink dnr-326
Dlink dnr-326 Firmware
Dlink dns-1100-4
Dlink dns-1100-4 Firmware
Dlink dns-120
Dlink dns-1200-05
Dlink dns-1200-05 Firmware
Dlink dns-120 Firmware
Dlink dns-1550-04
Dlink dns-1550-04 Firmware
Dlink dns-315l
Dlink dns-315l Firmware
Dlink dns-320
Dlink dns-320 Firmware
Dlink dns-320l
Dlink dns-320l Firmware
Dlink dns-320lw
Dlink dns-320lw Firmware
Dlink dns-321
Dlink dns-321 Firmware
Dlink dns-322l
Dlink dns-322l Firmware
Dlink dns-323
Dlink dns-323 Firmware
Dlink dns-325
Dlink dns-325 Firmware
Dlink dns-326
Dlink dns-326 Firmware
Dlink dns-327l
Dlink dns-327l Firmware
Dlink dns-340l
Dlink dns-340l Firmware
Dlink dns-343
Dlink dns-343 Firmware
Dlink dns-345
Dlink dns-345 Firmware
Dlink dns-726-4
Dlink dns-726-4 Firmware

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dnr-202l
D-link dnr-322l
D-link dnr-326
D-link dns-1100-4
D-link dns-120
D-link dns-1200-05
D-link dns-1550-04
D-link dns-315l
D-link dns-320
D-link dns-320l
D-link dns-320lw
D-link dns-321
D-link dns-323
D-link dns-325
D-link dns-326
D-link dns-327l
D-link dns-340l
D-link dns-343
D-link dns-345
D-link dns-726-4
Vendors & Products D-link
D-link dnr-202l
D-link dnr-322l
D-link dnr-326
D-link dns-1100-4
D-link dns-120
D-link dns-1200-05
D-link dns-1550-04
D-link dns-315l
D-link dns-320
D-link dns-320l
D-link dns-320lw
D-link dns-321
D-link dns-323
D-link dns-325
D-link dns-326
D-link dns-327l
D-link dns-340l
D-link dns-343
D-link dns-345
D-link dns-726-4

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 15 Mar 2026 23:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file /cgi-bin/wizard_mgr.cgi. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.
Title D-Link DNS-1550-04 wizard_mgr.cgi command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

D-link Dnr-202l Dnr-322l Dnr-326 Dns-1100-4 Dns-120 Dns-1200-05 Dns-1550-04 Dns-315l Dns-320 Dns-320l Dns-320lw Dns-321 Dns-323 Dns-325 Dns-326 Dns-327l Dns-340l Dns-343 Dns-345 Dns-726-4
Dlink Dnr-202l Dnr-202l Firmware Dnr-326 Dnr-326 Firmware Dns-1100-4 Dns-1100-4 Firmware Dns-120 Dns-1200-05 Dns-1200-05 Firmware Dns-120 Firmware Dns-1550-04 Dns-1550-04 Firmware Dns-315l Dns-315l Firmware Dns-320 Dns-320 Firmware Dns-320l Dns-320l Firmware Dns-320lw Dns-320lw Firmware Dns-321 Dns-321 Firmware Dns-322l Dns-322l Firmware Dns-323 Dns-323 Firmware Dns-325 Dns-325 Firmware Dns-326 Dns-326 Firmware Dns-327l Dns-327l Firmware Dns-340l Dns-340l Firmware Dns-343 Dns-343 Firmware Dns-345 Dns-345 Firmware Dns-726-4 Dns-726-4 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-16T14:40:35.838Z

Reserved: 2026-03-15T08:22:46.311Z

Link: CVE-2026-4195

cve-icon Vulnrichment

Updated: 2026-03-16T14:36:50.990Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:20:03.443

Modified: 2026-06-17T10:56:09.650

Link: CVE-2026-4195

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T10:15:03Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')