Description
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Published: 2026-05-11
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an OS command injection flaw in the file-management functions delete/rename/copy/move/chmod/chown of the /cgi-bin/webfile_mgr.cgi script on D-Link DNS-320 routers. An attacker can construct HTTP requests that cause the web server to execute arbitrary operating-system commands with the web server’s privileges. This permits remote code execution on the device and can be leveraged for full control of the router and the network it serves. The CVSS score of 5.1 reflects moderate severity; the exploit is publicly available, the endpoint is reachable via the web interface, and the vulnerability is not listed in the CISA KEV catalog. The EPSS score is not available, but public availability indicates a realistic risk of exploitation, especially for devices left exposed on the internet.

Affected Systems

D-Link DNS-320 devices running firmware version 2.06B01. The flaw is limited to the webfile_mgr.cgi functionality exposed through the standard web administration interface of this firmware release.

Risk and Exploitability

With a CVSS of 5.1, the risk is moderate but tangible because the flaw permits remote code execution once an attacker can reach the router’s web interface. The exploit is known and publicly released, so administrators should treat the vulnerability as a high priority for remediation. The lack of a KEV listing does not mitigate the risk, as the public exploit can be used against any exposed device that still runs the affected firmware.

Generated by OpenCVE AI on May 11, 2026 at 06:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the DNS-320 firmware to a version that includes the webfile_mgr.cgi fix.
  • Disable or restrict access to the /cgi-bin/webfile_mgr.cgi endpoint or the file-management features via the router’s web interface settings.
  • Implement a web application firewall or firewall rule to block HTTP requests that include command-execution patterns targeting webfile_mgr.cgi.
  • Regularly monitor router logs for anomalous file‑operation requests or unexpected command execution and investigate any findings.



Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 20:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Dlink; Dlink dns-320; Dlink dns-320 Firmware

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*; cpe:2.3:o:dlink:dns-320_firmware:2.06b01:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Dlink; Dlink dns-320; Dlink dns-320 Firmware

Mon, 11 May 2026 06:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: D-link; D-link dns-320

Type: Vendors & Products
Values Removed: (none)
Values Added: D-link; D-link dns-320

Mon, 11 May 2026 05:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Type: Title
Values Removed: (none)
Values Added: D-Link DNS-320 webfile_mgr.cgi chown os command injection

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-77; CWE-78

Type: References

Type: Metrics
Values Removed: (none)
Values Added:
cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-12T13:42:32.061Z

Reserved: 2026-05-10T15:53:56.029Z

Link: CVE-2026-8272

Vulnrichment

Updated: 2026-05-12T13:42:25.850Z

NVD

Status: Analyzed

Published: 2026-05-11T05:16:16.253

Modified: 2026-05-11T20:32:28.223

Link: CVE-2026-8272

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T07:00:12Z
