EIP-2026-101639

PRE-CVE

D-Link DNS-323 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101639. PoCs published by sghctoma.

AI-analyzed exploit summary This is a technical writeup detailing two vulnerabilities in D-Link DNS-323 firmware 1.09: arbitrary file upload via directory traversal and OS command execution through parameter injection in the 'SCHEDULE DOWNLOAD' feature. Both require authentication but can be exploited as root.

Description

D-Link DNS-323 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP
by sghctoma · textwebappshardware
https://www.exploit-db.com/exploits/25142

This is a technical writeup detailing two vulnerabilities in D-Link DNS-323 firmware 1.09: arbitrary file upload via directory traversal and OS command execution through parameter injection in the 'SCHEDULE DOWNLOAD' feature. Both require authentication but can be exploited as root.

Classification
Writeup 90%
Attack Type
Rce | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: D-Link DNS-323 firmware 1.09
Auth required
Prerequisites: authenticated user access · network access to the NAS web interface
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026