CVE-2026-5311

MEDIUM

D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control

Title source: cna

Description

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/354640

[Signature, Permissions Required] https://vuldb.com/vuln/354640/cti

[Third Party Advisory] https://vuldb.com/submit/780441

[Exploit] https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.md

View Exploit ZIP pw:eip

[Product] https://www.dlink.com/

Scores

CVSS v3 5.3

EPSS 0.0026

EPSS Percentile 48.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-266 CWE-284

Status published

Products (40)

D-Link/DNR-202L 20260205

D-Link/DNR-322L 20260205

D-Link/DNR-326 20260205

D-Link/DNS-1100-4 20260205

D-Link/DNS-120 20260205

D-Link/DNS-1200-05 20260205

D-Link/DNS-1550-04 20260205

D-Link/DNS-315L 20260205

D-Link/DNS-320 20260205

D-Link/DNS-320L 20260205

... and 30 more

Published Apr 01, 2026

Tracked Since Apr 02, 2026