Key detail from CVE description: a stack-based buffer overflow occurs in the Downloads_Schedule_Info function of /cgi-bin/download_mgr.cgi on D-Link devices. The vulnerability can be triggered remotely by sending a crafted request. While the CVE notes the presence of a stack overflow, the actual consequence of the overflow (such as code execution) is not explicitly stated in the data. Based on the nature of stack overflows, it is inferred that an attacker could potentially manipulate the program’s control flow, which may lead to escalation of privileges or compromise of the device.

Affected products are listed in the known CNA vendors products field. They include D-Link DNS-120, DNS-1100-4, DNS-1200-05, DNS-1550-04, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-202L, DNR-322L, DNR-326, DNS-323, DNS-325, DNS-326, DNS-327L, DNS-340L, DNS-343, DNS-345, DNS-726-4, and related devices such as DNR-202L and DNR-326. The firmware versions up to 20260205 are vulnerable; no data is provided for later versions, so the vulnerability may not affect releases newer than that date.

The CVSS score of 8.7 indicates a high severity vulnerability. The EPSS score of less than 1% suggests that exploitation in the wild is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, requiring access to the device’s web interface to send a malicious request to /cgi-bin/download_mgr.cgi. The stack-based buffer overflow can potentially allow an attacker to overwrite return addresses or other control data, and while the CVE does not confirm code execution, such an exploit path is a reasonable inference based on the weakness type (CWE-119, CWE-121, CWE-787).