A stack-based buffer overflow occurs in the cgi_addgroup_get_group_quota_minsize function of /cgi-bin/account_mgr.cgi when the Name argument is manipulated. This overflow can overwrite adjacent stack data such as return addresses, giving an attacker the possibility of executing arbitrary code and gaining full control of the affected device.

The flaw affects a wide array of D‑Link routers and network devices, including models DNR‑202L, DNR‑322L, DNR‑326, DNS‑1100‑4, DNS‑120, DNS‑1200‑05, DNS‑1550‑04, DNS‑315L, DNS‑320, DNS‑320L, DNS‑320LW, DNS‑321, DNS‑323, DNS‑325, DNS‑326, DNS‑327L, DNS‑340L, DNS‑343, DNS‑345, and DNS‑726‑4. Firmware versions up to and including 20260205 are vulnerable; newer releases contain the fix.

The vulnerability carries a CVSS score of 8.7, indicating high severity, and an EPSS score below 1 %, suggesting a currently low exploitation probability. It is not listed in the CISA KEV catalog, but the exploit code has been publicly released. Attackers can trigger the overflow from any remote network via the device’s web interface, potentially leading to complete device compromise.