CVE-2026-4197

MEDIUM

D-Link DNS-1550-04 download_mgr.cgi RSS_Item_List command injection

Title source: cna
STIX 2.1

Description

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS_Get_Update_Status/RSS_Update/RSS_Channel_AutoDownlaod/RSS_Add/RSS_Channel_Item_Downlaod/RSS_History_Item_List/RSS_Item_List of the file /cgi-bin/download_mgr.cgi. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.

References (14)

Scores

CVSS v3 6.3
EPSS 0.0015
EPSS Percentile 34.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-74 CWE-77
Status published
Products (40)
D-Link/DNR-202L 20260205
D-Link/DNR-322L 20260205
D-Link/DNR-326 20260205
D-Link/DNS-1100-4 20260205
D-Link/DNS-120 20260205
D-Link/DNS-1200-05 20260205
D-Link/DNS-1550-04 20260205
D-Link/DNS-315L 20260205
D-Link/DNS-320 20260205
D-Link/DNS-320L 20260205
... and 30 more
Published Mar 16, 2026
Tracked Since Mar 16, 2026