{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5311", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-01T12:13:33.464Z", "datePublished": "2026-04-01T19:45:14.221Z", "dateUpdated": "2026-04-02T15:27:57.427Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-01T19:45:14.221Z"}, "title": "D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "D-Link", "product": "DNS-120", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNR-202L", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-315L", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-320", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-320L", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-320LW", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-321", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNR-322L", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-323", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-325", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-326", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-327L", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNR-326", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-340L", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-343", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-345", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-726-4", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-1100-4", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-1200-05", "versions": [{"version": "20260205", "status": "affected"}]}, {"vendor": "D-Link", "product": "DNS-1550-04", "versions": [{"version": "20260205", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-01T14:18:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Ziyue Xie (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354640", "name": "VDB-354640 | D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354640/cti", "name": "VDB-354640 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780441", "name": "Submit #780441 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.md", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:26:11.181157Z", "id": "CVE-2026-5311", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:27:57.427Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5311", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T15:26:11.181157Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:27:49.031Z"}}], "cna": {"title": "D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control", "credits": [{"lang": "en", "type": "reporter", "value": "Ziyue Xie (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "D-Link", "product": "DNS-120", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNR-202L", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-315L", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-320", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-320L", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-320LW", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-321", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNR-322L", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-323", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-325", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-326", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-327L", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNR-326", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-340L", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-343", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-345", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-726-4", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-1100-4", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-1200-05", "versions": [{"status": "affected", "version": "20260205"}]}, {"vendor": "D-Link", "product": "DNS-1550-04", "versions": [{"status": "affected", "version": "20260205"}]}], "timeline": [{"lang": "en", "time": "2026-04-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-01T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-01T14:18:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354640", "name": "VDB-354640 | D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354640/cti", "name": "VDB-354640 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780441", "name": "Submit #780441 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.md", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-01T19:45:14.221Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5311", "state": "PUBLISHED", "dateUpdated": "2026-04-02T15:27:57.427Z", "dateReserved": "2026-04-01T12:13:33.464Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-01T19:45:14.221Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."}], "id": "CVE-2026-5311", "lastModified": "2026-04-03T16:10:52.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-01T20:16:29.950", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/780441"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354640"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354640/cti"}, {"source": "cna@vuldb.com", "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNR-202L", "source": "cna", "vendor": "D-Link"}, "product": "dnr-202l", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNR-322L", "source": "cna", "vendor": "D-Link"}, "product": "dnr-322l", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNR-326", "source": "cna", "vendor": "D-Link"}, "product": "dnr-326", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-1100-4", "source": "cna", "vendor": "D-Link"}, "product": "dns-1100-4", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-120", "source": "cna", "vendor": "D-Link"}, "product": "dns-120", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-1200-05", "source": "cna", "vendor": "D-Link"}, "product": "dns-1200-05", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-1550-04", "source": "cna", "vendor": "D-Link"}, "product": "dns-1550-04", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-315L", "source": "cna", "vendor": "D-Link"}, "product": "dns-315l", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-320", "source": "cna", "vendor": "D-Link"}, "product": "dns-320", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-320L", "source": "cna", "vendor": "D-Link"}, "product": "dns-320l", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-320LW", "source": "cna", "vendor": "D-Link"}, "product": "dns-320lw", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-321", "source": "cna", "vendor": "D-Link"}, "product": "dns-321", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-323", "source": "cna", "vendor": "D-Link"}, "product": "dns-323", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-325", "source": "cna", "vendor": "D-Link"}, "product": "dns-325", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-326", "source": "cna", "vendor": "D-Link"}, "product": "dns-326", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-327L", "source": "cna", "vendor": "D-Link"}, "product": "dns-327l", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-340L", "source": "cna", "vendor": "D-Link"}, "product": "dns-340l", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-343", "source": "cna", "vendor": "D-Link"}, "product": "dns-343", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-345", "source": "cna", "vendor": "D-Link"}, "product": "dns-345", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260205"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNS-726-4", "source": "cna", "vendor": "D-Link"}, "product": "dns-726-4", "vendor": "d-link"}], "analysis": {"en": {"generated_at": "2026-04-02T04:32:27.085243+00:00", "value": {"mitigation_remediation": ["Apply any available firmware patch from D\u2011Link for the affected DNS models", "Disable the /cgi-bin/file_center.cgi WebDAV interface if a patch is not available", "Restrict access to the device\u2019s management interface to the local network only", "Monitor for signs of exploitation and review logs for abnormal WebDAV activity"], "summary": {"action": "Immediate Patch", "impact": "Unauthorized webdav access and potential remote control"}, "threat_synthesis": {"affected_systems": "The vulnerability affects a range of D\u2011Link DNS products, including DNS\u2011120, DNR\u2011202L, DNS\u2011315L, DNS\u2011320, DNS\u2011320L, DNS\u2011320LW, DNS\u2011321, DNR\u2011322L, DNS\u2011323, DNS\u2011325, DNS\u2011326, DNS\u2011327L, DNR\u2011326, DNS\u2011340L, DNS\u2011343, DNS\u2011345, DNS\u2011726\u20114, DNS\u20111100\u20114, DNS\u20111200\u201105, and DNS\u20111550\u201104, all firmware versions up to 20260205.", "description_and_impact": "A flaw in D\u2011Link routers allows an attacker to manipulate the cmd argument of the Webdav_Access_List function in /cgi-bin/file_center.cgi, bypassing normal access controls. This can enable the attacker to upload, download, or modify files on the device, potentially changing configuration, exfiltrating data, or providing a foothold for further compromise. The issue is classified as an authorization bypass and improper access control according to the CWEs listed.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity, and while EPSS information is not available, the vulnerability is publicly exploited and can be performed remotely. No KEV listing is present, but the public release of an exploit means that exposed devices are at significant risk. Administrators should consider the risk as substantial for devices reachable from the internet and apply protective measures promptly."}}}}, "created": "2026-04-02T07:47:59.952190+00:00", "updated": "2026-04-02T20:16:52.885949+00:00", "vendors": ["d-link", "d-link$PRODUCT$dnr-202l", "d-link$PRODUCT$dnr-322l", "d-link$PRODUCT$dnr-326", "d-link$PRODUCT$dns-1100-4", "d-link$PRODUCT$dns-120", "d-link$PRODUCT$dns-1200-05", "d-link$PRODUCT$dns-1550-04", "d-link$PRODUCT$dns-315l", "d-link$PRODUCT$dns-320", "d-link$PRODUCT$dns-320l", "d-link$PRODUCT$dns-320lw", "d-link$PRODUCT$dns-321", "d-link$PRODUCT$dns-323", "d-link$PRODUCT$dns-325", "d-link$PRODUCT$dns-326", "d-link$PRODUCT$dns-327l", "d-link$PRODUCT$dns-340l", "d-link$PRODUCT$dns-343", "d-link$PRODUCT$dns-345", "d-link$PRODUCT$dns-726-4"]}