CVE-2026-8271

MEDIUM

D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection

Title source: cna

Description

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-362568 | D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection

https://vuldb.com/vuln/362568

Signature, Permissions Required signature permissions-required

VDB-362568 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/362568/cti

Third Party Advisory third-party-advisory

Submit #810078 | D-Link Corporation DNS-320 ShareCenter NAS (Rev.A) Firmware 2.06B01 HOTFIX CWE-78: OS Command Injection

https://vuldb.com/submit/810078

Exploit exploit

https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/D-Link%20DNS-320%20network_mgr.cgi%20Multiple%20OS%20Command%20Injection%20Vulnerabilities.md

View Exploit ZIP pw:eip

Product product

https://www.dlink.com/

Scores

CVSS v3 4.7

EPSS 0.0012

EPSS Percentile 30.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-77 CWE-78

Status published

Products (2)

D-Link/DNS-320 2.06B01

dlink/dns-320_firmware 2.06b01

Published May 11, 2026

Tracked Since May 11, 2026