Impact
A flaw in the WebDAV Access List function of file_center.cgi lets attackers manipulate the cmd parameter to bypass the router’s authentication controls. This improper access control permits unauthorized reading or writing of files stored on the device, potentially exposing configuration data or enabling further compromise. The weakness aligns with CWE‑266 and CWE‑284 regarding credential management and improper authorization.
Affected Systems
D-Link routers and gateways—including the DNR‑202L, DNR‑322L, DNR‑326, DNS‑1100‑4, DNS‑120, DNS‑1200‑05, DNS‑1550‑04, DNS‑315L, DNS‑320, DNS‑320L, DNS‑320LW, DNS‑321, DNS‑322L, DNS‑323, DNS‑325, DNS‑326, DNS‑327L, DNS‑340L, DNS‑343, DNS‑345, and DNS‑726‑4—are affected in firmware versions up through 20260205.
Risk and Exploitability
The CVSS score is 6.9, indicating medium severity, while the EPSS score is below 1%, suggesting that exploitation is relatively uncommon. The flaw is not listed in CISA’s KEV catalog, but exploit code has been published. Attackers can reach the vulnerable function remotely over WebDAV, manipulate the cmd argument, and gain unauthorized file access. No official patch is noted, so current risk remains medium; however, the low EPSS indicates exploitation is unlikely unless a new exploit version is developed.
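With no patch noted, reviewing who reaches file_center.cgi is a practical interim check. The following is an added example, not code from the advisory or from D-Link: it assumes a reverse proxy or gateway in front of the device writes combined-format access logs, and the URL path, cmd values and addresses in the sample lines are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Sources treated as internal (assumption: adjust to the site's own ranges).
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample lines; the path and cmd values are hypothetical.
SAMPLE_LOG = """\
192.168.1.20 - admin [05/Feb/2026:10:00:01 +0000] "GET /cgi-bin/file_center.cgi?cmd=example_list HTTP/1.1" 200 512
203.0.113.7 - - [05/Feb/2026:10:02:13 +0000] "GET /cgi-bin/file_center.cgi?cmd=example_acl&path=/ HTTP/1.1" 200 2048
203.0.113.7 - - [05/Feb/2026:10:02:15 +0000] "POST /cgi-bin/file_center.cgi HTTP/1.1" 200 128
198.51.100.9 - - [05/Feb/2026:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 900
"""

def triage(log_text, script="file_center.cgi"):
    """Return {source_ip: [(method, cmd_or_None, status), ...]} for requests
    to `script` that originate outside the LAN ranges."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rsplit("/", 1)[-1] != script:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # hostname or malformed source field
        if any(addr in net for net in LAN):
            continue  # internal client; review separately if needed
        # POST bodies are not in access logs, so cmd may be unknown (None).
        cmd = parse_qs(url.query).get("cmd", [None])[0]
        hits[ip].append((method, cmd, int(status)))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in triage(SAMPLE_LOG).items():
        print(ip, reqs)
```

Any external source in the output means the management CGI is reachable from outside the LAN, which is the exposure to close first while the device remains unpatched.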