CVE-2026-5211
D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Del stack-based overflow
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function UPnP_AV_Server_Path_Del of the file /cgi-bin/app_mgr.cgi. Executing a manipulation of the argument f_dir can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
| CWE | CWE-121 CWE-119 |
| Vendor | d-link |
| Product | dns-120 |
| Published | Mar 31, 2026 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for d-link dns-120
Be the first to know when new high vulnerabilities affecting d-link dns-120 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
D-Link / DNS-120
20260205
D-Link / DNR-202L
20260205
D-Link / DNS-315L
20260205
D-Link / DNS-320
20260205
D-Link / DNS-320L
20260205
D-Link / DNS-320LW
20260205
D-Link / DNS-321
20260205
D-Link / DNR-322L
20260205
D-Link / DNS-323
20260205
D-Link / DNS-325
20260205
D-Link / DNS-326
20260205
D-Link / DNS-327L
20260205
D-Link / DNR-326
20260205
D-Link / DNS-340L
20260205
D-Link / DNS-343
20260205
D-Link / DNS-345
20260205
D-Link / DNS-726-4
20260205
D-Link / DNS-1100-4
20260205
D-Link / DNS-1200-05
20260205
D-Link / DNS-1550-04
20260205
References
Credits
๐ Ziyue Xie (VulDB User)