A stack-based buffer overflow has been identified in the Local_Backup_Info function of /cgi-bin/local_backup_mgr.cgi on D‑Link devices. The flaw is triggered by manipulating the f_idx argument, allowing a remote attacker to overwrite the stack and potentially execute arbitrary code. The vulnerability is rated CVSS 8.7, indicating a high severity impact on confidentiality, integrity, and availability, and is classified under CWE-119, CWE-121, and CWE-787.

Affected D‑Link products include DNS‑120, DNR‑202L, DNS‑315L, DNS‑320, DNS‑320L, DNS‑320LW, DNS‑321, DNR‑322L, DNS‑323, DNS‑325, DNS‑326, DNS‑327L, DNR‑326, DNS‑340L, DNS‑343, DNS‑345, DNS‑726‑4, DNS‑1100‑4, DNS‑1200‑05, and DNS‑1550‑04 that possess firmware versions up to 20260205. No specific version ranges are listed in the provided data; all listed models are potentially vulnerable.

The exploit is remote and publicly available, though the EPSS score is below 1%, suggesting it is not widely used yet. The vulnerability is not listed in the CISA KEV catalog, but its high CVSS score and known public exploit code mean that the risk to any vulnerable device is significant. An attacker could gain full control of the device without local access, provided remote access to /cgi-bin/local_backup_mgr.cgi is allowed.