CVE-2026-5215
D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
9th
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_get_ipv6 of the file /cgi-bin/network_mgr.cgi. Such manipulation leads to improper access controls. The exploit is publicly available and might be used.
| CWE | CWE-284 CWE-266 |
| Vendor | d-link |
| Product | dns-120 |
| Published | Mar 31, 2026 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for d-link dns-120
Be the first to know when new medium vulnerabilities affecting d-link dns-120 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
D-Link / DNS-120
20260205
D-Link / DNR-202L
20260205
D-Link / DNS-315L
20260205
D-Link / DNS-320
20260205
D-Link / DNS-320L
20260205
D-Link / DNS-320LW
20260205
D-Link / DNS-321
20260205
D-Link / DNR-322L
20260205
D-Link / DNS-323
20260205
D-Link / DNS-325
20260205
D-Link / DNS-326
20260205
D-Link / DNS-327L
20260205
D-Link / DNR-326
20260205
D-Link / DNS-340L
20260205
D-Link / DNS-343
20260205
D-Link / DNS-345
20260205
D-Link / DNS-726-4
20260205
D-Link / DNS-1100-4
20260205
D-Link / DNS-1200-05
20260205
D-Link / DNS-1550-04
20260205
References
Credits
๐ Ziyue Xie (VulDB User)