CVE-2026-4209

MEDIUM

D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection

Title source: cna
STIX 2.1

Description

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_import_users/cgi_user_batch_create/cgi_user_set_quota/cgi_user_del/cgi_user_modify/cgi_group_set_quota/cgi_group_modify/cgi_group_add/cgi_user_add/cgi_get_modify_group_info/cgi_chg_admin_pw of the file /cgi-bin/account_mgr.cgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

References (15)

Core 15
Core References
Product product
https://www.dlink.com/
Vdb Entry, Technical Description vdb-entry technical-description
VDB-351120 | D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection
https://vuldb.com/?id.351120
Signature, Permissions Required signature permissions-required
VDB-351120 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.351120
Third Party Advisory third-party-advisory
Submit #770429 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection
https://vuldb.com/?submit.770429
Third Party Advisory third-party-advisory
Submit #770430 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)
https://vuldb.com/?submit.770430
Third Party Advisory third-party-advisory
Submit #770431 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)
https://vuldb.com/?submit.770431
Third Party Advisory third-party-advisory
Submit #770432 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)
https://vuldb.com/?submit.770432
Third Party Advisory third-party-advisory
Submit #770433 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)
https://vuldb.com/?submit.770433
Third Party Advisory third-party-advisory
Submit #770434 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)
https://vuldb.com/?submit.770434
Third Party Advisory third-party-advisory
Submit #770435 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)
https://vuldb.com/?submit.770435
Third Party Advisory third-party-advisory
Submit #770436 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)
https://vuldb.com/?submit.770436
Third Party Advisory third-party-advisory
Submit #770437 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)
https://vuldb.com/?submit.770437
Third Party Advisory third-party-advisory
Submit #770438 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)
https://vuldb.com/?submit.770438

Scores

CVSS v3 6.3
EPSS 0.0409
EPSS Percentile 89.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-77
Status published
Products (40)
D-Link/DNR-202L 20260205
D-Link/DNR-322L 20260205
D-Link/DNR-326 20260205
D-Link/DNS-1100-4 20260205
D-Link/DNS-120 20260205
D-Link/DNS-1200-05 20260205
D-Link/DNS-1550-04 20260205
D-Link/DNS-315L 20260205
D-Link/DNS-320 20260205
D-Link/DNS-320L 20260205
... and 30 more
Published Mar 16, 2026
Tracked Since Mar 16, 2026