CVE-2026-5311
D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control
CVSS Score
5.3
EPSS Score
0.1%
EPSS Percentile
17th
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
| CWE | CWE-284 CWE-266 |
| Vendor | d-link |
| Product | dns-120 |
| Published | Apr 1, 2026 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for d-link dns-120
Be the first to know when new medium vulnerabilities affecting d-link dns-120 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
D-Link / DNS-120
20260205
D-Link / DNR-202L
20260205
D-Link / DNS-315L
20260205
D-Link / DNS-320
20260205
D-Link / DNS-320L
20260205
D-Link / DNS-320LW
20260205
D-Link / DNS-321
20260205
D-Link / DNR-322L
20260205
D-Link / DNS-323
20260205
D-Link / DNS-325
20260205
D-Link / DNS-326
20260205
D-Link / DNS-327L
20260205
D-Link / DNR-326
20260205
D-Link / DNS-340L
20260205
D-Link / DNS-343
20260205
D-Link / DNS-345
20260205
D-Link / DNS-726-4
20260205
D-Link / DNS-1100-4
20260205
D-Link / DNS-1200-05
20260205
D-Link / DNS-1550-04
20260205
References
Credits
๐ Ziyue Xie (VulDB User)