Impact
The vulnerability is a stack-based buffer overflow in the cgi_myfavorite_del_user and cgi_myfavorite_verify functions of /cgi-bin/gui_mgr.cgi. Improper input validation allows an attacker to overwrite control data on the stack, providing the ability to execute arbitrary code on the device. The attack may be launched remotely via HTTP requests. This weakness is identified as CWE-119, CWE-121, and CWE-787.
Affected Systems
All D‑Link firmware in scope is affected in releases up to 2026‑02‑05. The affected models include DNS‑120, DNR‑202L, DNS‑315L, DNS‑320, DNS‑320L, DNS‑320LW, DNS‑321, DNR‑322L, DNS‑323, DNS‑325, DNS‑326, DNS‑327L, DNR‑326, DNS‑340L, DNS‑343, DNS‑345, DNS‑726‑4, DNS‑1100‑4, DNS‑1200‑05, and DNS‑1550‑04. No later firmware revisions are listed as vulnerable in the provided data.
Risk and Exploitability
The CVSS score of 8.7 indicates high severity, while the EPSS score of less than 1% suggests that exploitation attempts are currently infrequent. The vulnerability is not yet listed in CISA’s KEV catalog. However, exploit code is publicly available and the flaw can be triggered remotely through the gui_mgr.cgi interface, which gives attackers a realistic attack vector if the device is exposed to the internet.
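Log triage for the exposure described above, added here as an example and not taken from the advisory or from D‑Link: it flags requests to gui_mgr.cgi that name either vulnerable handler, carry an unusually long field, or arrive from outside the local network. The combined log format, the 128-character threshold, the internal address ranges, and the handler name being visible in the query string are all assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and handler names come from the advisory text; all else is assumed.
ENDPOINT = "/cgi-bin/gui_mgr.cgi"
HANDLERS = ("cgi_myfavorite_del_user", "cgi_myfavorite_verify")
# Assumption: combined-format access log from a proxy in front of the NAS.
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" \d{3}')
MAX_FIELD_LEN = 128  # assumption: triage threshold, not the real buffer size
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return True  # not an IP literal: treat as untrusted
    return not any(addr in net for net in INTERNAL)

def triage(lines):
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        target = urlsplit(m["target"]) if m else None
        if target is None or unquote(target.path) != ENDPOINT:
            continue
        fields = parse_qsl(target.query, keep_blank_values=True)
        # Assumption: the handler name appears as a query key or value.
        named = [h for h in HANDLERS if any(h in kv for kv in fields)]
        longest = max((len(v) for _, v in fields), default=0)
        reasons = ["handler:" + h for h in named]
        if longest > MAX_FIELD_LEN:
            reasons.append("long-field:%d" % longest)
        if m["method"] == "POST" and not named:
            reasons.append("post-body-unlogged")  # body never reaches this log
        if is_external(m["src"]):
            reasons.append("external-source")
        if reasons:
            findings.append({"line": lineno, "src": m["src"], "reasons": reasons})
    return findings

# Constructed sample lines; the parameter names "cmd" and "x" are placeholders.
SAMPLE_LOG = [
    '192.168.1.20 - - [01/Jan/2026:10:00:00 +0000] "GET /cgi-bin/gui_mgr.cgi?cmd=placeholder HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /cgi-bin/gui_mgr.cgi?cmd=cgi_myfavorite_verify&x=' + "A" * 300 + ' HTTP/1.1" 500 0',
    '10.0.0.5 - - [01/Jan/2026:10:00:09 +0000] "POST /cgi-bin/gui_mgr.cgi HTTP/1.1" 200 87',
]
```

An access log records only the request line, so a POST to this endpoint is reported as "post-body-unlogged" and needs packet capture or proxy body logging to inspect further.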