Analysis
Impact
A flaw exists in D‑Link routers that allows a remote attacker to trigger a stack‑based buffer overflow by supplying a crafted value in the f_file argument to /cgi-bin/webdav_mgr.cgi. The overflow can overwrite stack memory, which may lead to arbitrary code execution on the device. The weakness is categorized as CWE‑119, CWE‑121 and CWE‑787, all relating to buffer overflows and stack corruption.
Affected Systems
The vulnerability affects a wide range of D‑Link DNS and DNR models, including DNS‑1100‑4, DNS‑120, DNS‑1200‑05, DNS‑1550‑04, DNS‑315L, DNS‑320, DNS‑320L, DNS‑320LW, DNS‑321, DNS‑323, DNS‑325, DNS‑326, DNS‑327L, DNS‑340L, DNS‑343, DNS‑345, DNS‑726‑4, as well as the DNR‑202L, DNR‑322L and DNR‑326 series. Firmware versions up through 20260205 contain the vulnerable implementation of Webdav_Upload_File.
Risk and Exploitability
The CVSS score for this issue is 8.7, indicating a high severity impact. EPSS indicates a less than 1% probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through the router’s HTTP/HTTPS interface to the /cgi-bin/webdav_mgr.cgi endpoint. Exploitation requires that the WebDAV module be enabled and reachable from the attacker’s network, a condition that is often present on default installations.
Mitre Data 
CPE Configurations 
Affected Packages
OpenCVE Enrichment 
Vulnrichment