Impact
A stack‑based buffer overflow exists in the UPnP_AV_Server_Path_Del function of the /cgi-bin/app_mgr.cgi CGI script on several D‑Link routers. Manipulating the f_dir argument corrupts stack memory, allowing an attacker to execute arbitrary code on the device. The vulnerability is a classic example of buffer overflow (CWE‑119), stack corruption (CWE‑121), and out‑of‑bounds write (CWE‑787). Because the affected resource is reachable over HTTP, the attack can be carried out remotely without prior local access.
Affected Systems
The flaw appears on a wide range of D‑Link networking products, including the DNS‑1550‑04, DNS‑1100‑4, DNS‑120, DNS‑1200‑05, DNS‑320, DNS‑320L, DNS‑320LW, DNS‑321, DNS‑323, DNS‑325, DNS‑326, DNS‑327L, DNS‑340L, DNS‑343, DNS‑345, DNS‑726‑4, DNR‑202L, DNR‑322L, and DNR‑326 routers. Firmware builds up to and including the 20260205 release are vulnerable; newer builds are not indicated as affected.
Risk and Exploitability
The CVSS base score of 8.7 signals high severity, while an EPSS score of less than 1% indicates a low but non‑zero likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, yet a public exploit has already been released, which raises the practical risk for devices exposed to the internet. The attack vector is remote and requires only the ability to send a crafted HTTP request to /cgi-bin/app_mgr.cgi; no additional preconditions are described.
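A log triage check for the request described above, as an added example that is not part of the advisory or of any vendor tooling: it flags requests to /cgi-bin/app_mgr.cgi whose f_dir value is oversized or carries non-printable characters. The log layout (a combined-style line with the form body in a final quoted field, as a reverse proxy can be configured to write) and the 256-character threshold are assumptions; the advisory states no buffer size.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/cgi-bin/app_mgr.cgi"  # endpoint named in the advisory
PARAM = "f_dir"                       # argument named in the advisory
MAX_LEN = 256  # ASSUMPTION: triage threshold; the advisory gives no buffer size
# ASSUMED log layout: combined-style line with the form body in a final quoted field.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"$')

def f_dir_values(uri, body):
    """Return every f_dir value sent to the CGI (path is decoded and normalised first)."""
    parts = urlsplit(uri)
    if posixpath.normpath(unquote(parts.path)) != TARGET_PATH:
        return []
    values = []
    for source in (parts.query, body):
        values += parse_qs(source, keep_blank_values=True).get(PARAM, [])
    return values

def scan(lines):
    """Return (client, method, length, reason) for each suspicious f_dir value."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, uri, body = m.groups()
        for value in f_dir_values(uri, body):
            reasons = []
            if len(value) > MAX_LEN:
                reasons.append("oversized")
            if any(not (0x20 <= ord(c) < 0x7F) for c in value):
                reasons.append("non-printable")
            if reasons:
                findings.append((client, method, len(value), "+".join(reasons)))
    return findings

# Constructed sample lines (not real traffic); addresses are documentation ranges.
TS = "[01/Jan/2026:10:00:00 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "POST /cgi-bin/app_mgr.cgi HTTP/1.1" 200 120 "f_dir=/share/music"',
    f'198.51.100.7 - - {TS} "POST /cgi-bin//app_mgr.cgi HTTP/1.1" 200 0 "f_dir={"A" * 600}"',
    f'198.51.100.7 - - {TS} "GET /cgi-bin/app_mgr.cgi?f_dir=%41%01%02 HTTP/1.1" 200 0 ""',
    f'192.0.2.10 - - {TS} "GET /cgi-bin/login_mgr.cgi?f_dir={"B" * 600} HTTP/1.1" 200 0 ""',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Lengths are measured after percent-decoding, so an encoded value is judged by the bytes the CGI would actually receive.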