Impact
A command injection flaw exists in the dsk_mgr.cgi web handler of multiple D‑Link routers. By manipulating the FMT_rebuild_diskmgr, FMT_create_diskmgr or ScanDisk_run_e2fsck functions, an attacker can inject arbitrary OS commands. The vulnerability is disclosed as remotely exploitable; a successful attacker would achieve unauthorized code execution on the device, potentially leading to full system compromise and loss of device control. The weakness is identified as CWE‑74 (Command Injection) and CWE‑77 (Improper Control of Argument to Operating System Shell).
Affected Systems
The flaw affects a range of D‑Link products: DNR‑202L, DNR‑322L, DNR‑326, DNS‑1100‑4, DNS‑120, DNS‑1200‑05, DNS‑1550‑04, DNS‑315L, DNS‑320, DNS‑320L, DNS‑320LW, DNS‑321, DNS‑323, DNS‑325, DNS‑326, DNS‑327L, DNS‑340L, DNS‑343, DNS‑345, DNS‑726‑4. Firmware versions up to 20260205 are vulnerable; newer releases are unaffected.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity, while the EPSS score of <1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to target the web interface of the router; the description does not detail authentication requirements, so it is inferred that unauthenticated access is possible. Given the moderate score and low EPSS, the threat remains present, but the probability of widespread exploitation is relatively low at present.