CVE-2026-4203

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_portforwarding_add/cgi_portforwarding_del/cgi_portforwarding_modify/cgi_portforwarding_add_scan/cgi_dhcpd_lease/cgi_ddns/cgi_ip/cgi_dhcpd of the file /cgi-bin/network_mgr.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_122/122.md	Exploit Third Party Advisory
https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_123/123.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.351115	Permissions Required VDB Entry
https://vuldb.com/?id.351115	Third Party Advisory VDB Entry
https://vuldb.com/?submit.770401	Third Party Advisory VDB Entry
https://vuldb.com/?submit.770402	Third Party Advisory VDB Entry
https://vuldb.com/?submit.770403	Third Party Advisory VDB Entry
https://vuldb.com/?submit.770404	Third Party Advisory VDB Entry
https://vuldb.com/?submit.770405	Third Party Advisory VDB Entry
https://vuldb.com/?submit.770406	Third Party Advisory VDB Entry
https://vuldb.com/?submit.770407	Third Party Advisory VDB Entry
https://vuldb.com/?submit.770408	Third Party Advisory VDB Entry
https://www.dlink.com/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*

History

19 Mar 2026, 14:23

Type	Values Removed	Values Added
CPE		cpe:2.3:h:dlink:dns-322l:-:::::::* cpe:2.3:o:dlink:dnr-326_firmware:::::::: cpe:2.3:o:dlink:dns-1100-4_firmware:::::::: cpe:2.3:o:dlink:dns-1550-04_firmware:::::::: cpe:2.3:o:dlink:dns-345_firmware:::::::: cpe:2.3:h:dlink:dnr-326:-:::::::* cpe:2.3:h:dlink:dns-321:-:::::::* cpe:2.3:h:dlink:dns-320lw:-:::::::* cpe:2.3:o:dlink:dns-327l_firmware:::::::: cpe:2.3:h:dlink:dns-323:-:::::::* cpe:2.3:o:dlink:dns-1200-05_firmware:::::::: cpe:2.3:o:dlink:dns-120_firmware:::::::: cpe:2.3:h:dlink:dns-1200-05:-:::::::* cpe:2.3:h:dlink:dns-726-4:-:::::::* cpe:2.3:h:dlink:dns-1550-04:-:::::::* cpe:2.3:o:dlink:dnr-202l_firmware:::::::: cpe:2.3:h:dlink:dns-320l:-:::::::* cpe:2.3:h:dlink:dns-326:-:::::::* cpe:2.3:h:dlink:dns-315l:-:::::::* cpe:2.3:o:dlink:dns-325_firmware:::::::: cpe:2.3:h:dlink:dns-327l:-:::::::* cpe:2.3:h:dlink:dns-345:-:::::::* cpe:2.3:o:dlink:dns-323_firmware:::::::: cpe:2.3:o:dlink:dns-322l_firmware:::::::: cpe:2.3:h:dlink:dns-1100-4:-:::::::* cpe:2.3:o:dlink:dns-320_firmware:::::::: cpe:2.3:h:dlink:dns-343:-:::::::* cpe:2.3:o:dlink:dns-726-4_firmware:::::::: cpe:2.3:o:dlink:dns-320l_firmware:::::::: cpe:2.3:o:dlink:dns-340l_firmware:::::::: cpe:2.3:h:dlink:dnr-202l:-:::::::* cpe:2.3:o:dlink:dns-343_firmware:::::::: cpe:2.3:o:dlink:dns-315l_firmware:::::::: cpe:2.3:h:dlink:dns-320:-:::::::* cpe:2.3:h:dlink:dns-325:-:::::::* cpe:2.3:h:dlink:dns-120:-:::::::* cpe:2.3:h:dlink:dns-340l:-:::::::* cpe:2.3:o:dlink:dns-321_firmware:::::::: cpe:2.3:o:dlink:dns-326_firmware:::::::: cpe:2.3:o:dlink:dns-320lw_firmware::::::::
First Time		Dlink dns-320lw Dlink dns-120 Firmware Dlink dns-340l Firmware Dlink dns-326 Firmware Dlink dns-726-4 Firmware Dlink dns-120 Dlink dns-323 Firmware Dlink dns-343 Dlink dnr-326 Dlink dns-321 Firmware Dlink dns-327l Firmware Dlink dnr-202l Firmware Dlink dns-345 Dlink dns-322l Dlink dns-327l Dlink dns-315l Dlink dns-1550-04 Firmware Dlink dns-343 Firmware Dlink dns-326 Dlink dnr-326 Firmware Dlink dns-321 Dlink dns-1550-04 Dlink dns-1100-4 Dlink dns-320lw Firmware Dlink dnr-202l Dlink dns-320l Firmware Dlink dns-323 Dlink dns-345 Firmware Dlink dns-1200-05 Firmware Dlink Dlink dns-320l Dlink dns-320 Dlink dns-320 Firmware Dlink dns-1100-4 Firmware Dlink dns-1200-05 Dlink dns-322l Firmware Dlink dns-726-4 Dlink dns-325 Dlink dns-340l Dlink dns-325 Firmware Dlink dns-315l Firmware
References	~~() https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_122/122.md -~~	() https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_122/122.md - Exploit, Third Party Advisory
References	~~() https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_123/123.md -~~	() https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_123/123.md - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.351115 -~~	() https://vuldb.com/?ctiid.351115 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.351115 -~~	() https://vuldb.com/?id.351115 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.770401 -~~	() https://vuldb.com/?submit.770401 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.770402 -~~	() https://vuldb.com/?submit.770402 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.770403 -~~	() https://vuldb.com/?submit.770403 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.770404 -~~	() https://vuldb.com/?submit.770404 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.770405 -~~	() https://vuldb.com/?submit.770405 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.770406 -~~	() https://vuldb.com/?submit.770406 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.770407 -~~	() https://vuldb.com/?submit.770407 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.770408 -~~	() https://vuldb.com/?submit.770408 - Third Party Advisory, VDB Entry
References	~~() https://www.dlink.com/ -~~	() https://www.dlink.com/ - Product
Summary		(es) Una vulnerabilidad fue detectada en D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 y DNS-1550-04 hasta 20260205. La función afectada es cgi_portforwarding_add/cgi_portforwarding_del/cgi_portforwarding_modify/cgi_portforwarding_add_scan/cgi_dhcpd_lease/cgi_ddns/cgi_ip/cgi_dhcpd del archivo /cgi-bin/network_mgr.cgi. La manipulación da como resultado una inyección de comandos. El ataque puede lanzarse de forma remota. El exploit es ahora público y puede utilizarse.

16 Mar 2026, 14:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 14:20

Updated : 2026-03-19 14:23

NVD link : CVE-2026-4203

Mitre link : CVE-2026-4203

CVE.ORG link : CVE-2026-4203

JSON object : View

Products Affected

dlink

dns-327l
dns-320
dns-323_firmware
dns-1200-05_firmware
dns-120_firmware
dnr-202l_firmware
dns-315l
dns-1100-4
dns-120
dns-343
dns-1100-4_firmware
dns-1200-05
dns-320l_firmware
dns-343_firmware
dns-726-4_firmware
dns-340l
dns-326
dns-345
dns-320_firmware
dns-325_firmware
dns-320lw_firmware
dns-320lw
dns-340l_firmware
dns-320l
dns-326_firmware
dns-321_firmware
dns-1550-04
dns-325
dns-322l_firmware
dns-322l
dns-726-4
dnr-326
dns-327l_firmware
dnr-326_firmware
dns-323
dns-315l_firmware
dns-321
dns-1550-04_firmware
dns-345_firmware
dnr-202l

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

6.3 /10