A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function UPnP_AV_Server_Path_Setting of the file /cgi-bin/app_mgr.cgi. Executing a manipulation can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
References
| Link | Resource |
|---|---|
| https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_164/164.md | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.351125 | Permissions Required VDB Entry |
| https://vuldb.com/?id.351125 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.770445 | Third Party Advisory VDB Entry |
| https://www.dlink.com/ | Product |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
History
19 Mar 2026, 14:29
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_164/164.md - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.351125 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.351125 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.770445 - Third Party Advisory, VDB Entry | |
| References | () https://www.dlink.com/ - Product | |
| CPE | cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:* |
|
| First Time |
Dlink dns-320lw
Dlink dns-120 Firmware Dlink dns-340l Firmware Dlink dns-326 Firmware Dlink dns-726-4 Firmware Dlink dns-120 Dlink dns-323 Firmware Dlink dns-343 Dlink dnr-326 Dlink dns-321 Firmware Dlink dns-327l Firmware Dlink dnr-202l Firmware Dlink dns-345 Dlink dns-322l Dlink dns-327l Dlink dns-315l Dlink dns-1550-04 Firmware Dlink dns-343 Firmware Dlink dns-326 Dlink dnr-326 Firmware Dlink dns-321 Dlink dns-1550-04 Dlink dns-1100-4 Dlink dns-320lw Firmware Dlink dnr-202l Dlink dns-320l Firmware Dlink dns-323 Dlink dns-345 Firmware Dlink dns-1200-05 Firmware Dlink Dlink dns-320l Dlink dns-320 Dlink dns-320 Firmware Dlink dns-1100-4 Firmware Dlink dns-1200-05 Dlink dns-322l Firmware Dlink dns-726-4 Dlink dns-325 Dlink dns-340l Dlink dns-325 Firmware Dlink dns-315l Firmware |
|
| Summary |
|
|
| CWE | CWE-787 |
16 Mar 2026, 14:20
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-16 14:20
Updated : 2026-03-19 14:29
NVD link : CVE-2026-4214
Mitre link : CVE-2026-4214
CVE.ORG link : CVE-2026-4214
JSON object : View
Products Affected
dlink
- dns-327l
- dns-320
- dns-323_firmware
- dns-1200-05_firmware
- dns-120_firmware
- dnr-202l_firmware
- dns-315l
- dns-1100-4
- dns-120
- dns-343
- dns-1100-4_firmware
- dns-1200-05
- dns-320l_firmware
- dns-343_firmware
- dns-726-4_firmware
- dns-340l
- dns-326
- dns-345
- dns-320_firmware
- dns-325_firmware
- dns-320lw_firmware
- dns-320lw
- dns-340l_firmware
- dns-320l
- dns-326_firmware
- dns-321_firmware
- dns-1550-04
- dns-325
- dns-322l_firmware
- dns-322l
- dns-726-4
- dnr-326
- dns-327l_firmware
- dnr-326_firmware
- dns-323
- dns-315l_firmware
- dns-321
- dns-1550-04_firmware
- dns-345_firmware
- dnr-202l