Description
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS_Get_Update_Status/RSS_Update/RSS_Channel_AutoDownlaod/RSS_Add/RSS_Channel_Item_Downlaod/RSS_History_Item_List/RSS_Item_List of the file /cgi-bin/download_mgr.cgi. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Published: 2026-03-15
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A vulnerability was discovered in the download manager of multiple D-Link DNS and DNR devices, specifically in the RSS_Item_List function of /cgi-bin/download_mgr.cgi. The flaw permits an attacker to inject arbitrary operating‑system commands via crafted input, which can be executed remotely. This leads to a loss of confidentiality, integrity, and availability of the affected device and the network it serves, corresponding to the CWE‑77 "Command Injection" weakness (also CWE‑74 "Error Reporting Vulnerability" is listed as an associated weakness).

Affected Systems

Affected products include all D-Link devices listed in the CNA data: D-Link:DNR-202L, D-Link:DNR-322L, D-Link:DNR-326, D-Link:DNS-1100-4, D-Link:DNS-120, D-Link:DNS-1200-05, D-Link:DNS-1550-04, D-Link:DNS-315L, D-Link:DNS-320, D-Link:DNS-320L, D-Link:DNS-320LW, D-Link:DNS-321, D-Link:DNS-323, D-Link:DNS-325, D-Link:DNS-326, D-Link:DNS-327L, D-Link:DNS-340L, D-Link:DNS-343, D-Link:DNS-345, D-Link:DNS-726-4. Firmware versions up to 20260205 contain the flaw; all later releases are assumed to be patched.

Risk and Exploitability

The CVSS v3.1 score of 5.3 indicates moderate severity. The EPSS probability is less than 1 %, suggesting a low likelihood of widespread exploitation at this time, and the issue is not listed in the CISA KEV catalog. Exploitation requires remote access to the device’s download_mgr.cgi endpoint; depending on device configuration, the attack may be possible over an unauthenticated HTTP request or an authenticated session. No specific exploitation conditions beyond reaching the endpoint are noted in the description.

Generated by OpenCVE AI on March 19, 2026 at 16:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update that removes the command injection vulnerability in download_mgr.cgi.
  • If a firmware patch is not yet available, block external HTTP(S) access to /cgi-bin/download_mgr.cgi or otherwise restrict network reachability to the affected device.
  • Monitor device logs for unexpected command execution or anomalous requests to the RSS_Item_List endpoint.
  • If neither patch nor network restriction is feasible, consider isolating the device from critical networks until remediation is applied.

Generated by OpenCVE AI on March 19, 2026 at 16:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dnr-202l
Dlink dnr-202l Firmware
Dlink dnr-326
Dlink dnr-326 Firmware
Dlink dns-1100-4
Dlink dns-1100-4 Firmware
Dlink dns-120
Dlink dns-1200-05
Dlink dns-1200-05 Firmware
Dlink dns-120 Firmware
Dlink dns-1550-04
Dlink dns-1550-04 Firmware
Dlink dns-315l
Dlink dns-315l Firmware
Dlink dns-320
Dlink dns-320 Firmware
Dlink dns-320l
Dlink dns-320l Firmware
Dlink dns-320lw
Dlink dns-320lw Firmware
Dlink dns-321
Dlink dns-321 Firmware
Dlink dns-322l
Dlink dns-322l Firmware
Dlink dns-323
Dlink dns-323 Firmware
Dlink dns-325
Dlink dns-325 Firmware
Dlink dns-326
Dlink dns-326 Firmware
Dlink dns-327l
Dlink dns-327l Firmware
Dlink dns-340l
Dlink dns-340l Firmware
Dlink dns-343
Dlink dns-343 Firmware
Dlink dns-345
Dlink dns-345 Firmware
Dlink dns-726-4
Dlink dns-726-4 Firmware
CPEs cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dnr-202l
Dlink dnr-202l Firmware
Dlink dnr-326
Dlink dnr-326 Firmware
Dlink dns-1100-4
Dlink dns-1100-4 Firmware
Dlink dns-120
Dlink dns-1200-05
Dlink dns-1200-05 Firmware
Dlink dns-120 Firmware
Dlink dns-1550-04
Dlink dns-1550-04 Firmware
Dlink dns-315l
Dlink dns-315l Firmware
Dlink dns-320
Dlink dns-320 Firmware
Dlink dns-320l
Dlink dns-320l Firmware
Dlink dns-320lw
Dlink dns-320lw Firmware
Dlink dns-321
Dlink dns-321 Firmware
Dlink dns-322l
Dlink dns-322l Firmware
Dlink dns-323
Dlink dns-323 Firmware
Dlink dns-325
Dlink dns-325 Firmware
Dlink dns-326
Dlink dns-326 Firmware
Dlink dns-327l
Dlink dns-327l Firmware
Dlink dns-340l
Dlink dns-340l Firmware
Dlink dns-343
Dlink dns-343 Firmware
Dlink dns-345
Dlink dns-345 Firmware
Dlink dns-726-4
Dlink dns-726-4 Firmware

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dnr-202l
D-link dnr-322l
D-link dnr-326
D-link dns-1100-4
D-link dns-120
D-link dns-1200-05
D-link dns-1550-04
D-link dns-315l
D-link dns-320
D-link dns-320l
D-link dns-320lw
D-link dns-321
D-link dns-323
D-link dns-325
D-link dns-326
D-link dns-327l
D-link dns-340l
D-link dns-343
D-link dns-345
D-link dns-726-4
Vendors & Products D-link
D-link dnr-202l
D-link dnr-322l
D-link dnr-326
D-link dns-1100-4
D-link dns-120
D-link dns-1200-05
D-link dns-1550-04
D-link dns-315l
D-link dns-320
D-link dns-320l
D-link dns-320lw
D-link dns-321
D-link dns-323
D-link dns-325
D-link dns-326
D-link dns-327l
D-link dns-340l
D-link dns-343
D-link dns-345
D-link dns-726-4

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 00:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS_Get_Update_Status/RSS_Update/RSS_Channel_AutoDownlaod/RSS_Add/RSS_Channel_Item_Downlaod/RSS_History_Item_List/RSS_Item_List of the file /cgi-bin/download_mgr.cgi. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Title D-Link DNS-1550-04 download_mgr.cgi RSS_Item_List command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Dnr-202l Dnr-322l Dnr-326 Dns-1100-4 Dns-120 Dns-1200-05 Dns-1550-04 Dns-315l Dns-320 Dns-320l Dns-320lw Dns-321 Dns-323 Dns-325 Dns-326 Dns-327l Dns-340l Dns-343 Dns-345 Dns-726-4
Dlink Dnr-202l Dnr-202l Firmware Dnr-326 Dnr-326 Firmware Dns-1100-4 Dns-1100-4 Firmware Dns-120 Dns-1200-05 Dns-1200-05 Firmware Dns-120 Firmware Dns-1550-04 Dns-1550-04 Firmware Dns-315l Dns-315l Firmware Dns-320 Dns-320 Firmware Dns-320l Dns-320l Firmware Dns-320lw Dns-320lw Firmware Dns-321 Dns-321 Firmware Dns-322l Dns-322l Firmware Dns-323 Dns-323 Firmware Dns-325 Dns-325 Firmware Dns-326 Dns-326 Firmware Dns-327l Dns-327l Firmware Dns-340l Dns-340l Firmware Dns-343 Dns-343 Firmware Dns-345 Dns-345 Firmware Dns-726-4 Dns-726-4 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-16T14:40:36.175Z

Reserved: 2026-03-15T08:22:57.970Z

Link: CVE-2026-4197

cve-icon Vulnrichment

Updated: 2026-03-16T14:36:54.891Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:20:04.023

Modified: 2026-03-19T14:22:36.180

Link: CVE-2026-4197

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T14:01:06Z

Weaknesses