CVE-2026-5312

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md	Exploit Third Party Advisory
https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md	Exploit Third Party Advisory
https://vuldb.com/submit/780442	Third Party Advisory VDB Entry
https://vuldb.com/submit/780443	Third Party Advisory VDB Entry
https://vuldb.com/vuln/354641	Third Party Advisory VDB Entry
https://vuldb.com/vuln/354641/cti	Permissions Required VDB Entry
https://www.dlink.com/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*

History

07 Apr 2026, 15:42

Type	Values Removed	Values Added
First Time		Dlink dns-320lw Dlink dns-120 Firmware Dlink dns-340l Firmware Dlink dns-326 Firmware Dlink dns-726-4 Firmware Dlink dns-120 Dlink dns-323 Firmware Dlink dns-343 Dlink dnr-326 Dlink dns-321 Firmware Dlink dns-327l Firmware Dlink dnr-202l Firmware Dlink dns-345 Dlink dns-322l Dlink dns-327l Dlink dns-315l Dlink dns-1550-04 Firmware Dlink dns-343 Firmware Dlink dns-326 Dlink dnr-326 Firmware Dlink dns-321 Dlink dns-1550-04 Dlink dns-1100-4 Dlink dns-320lw Firmware Dlink dnr-202l Dlink dns-320l Firmware Dlink dns-323 Dlink dns-345 Firmware Dlink dns-1200-05 Firmware Dlink Dlink dns-320l Dlink dns-320 Dlink dns-320 Firmware Dlink dns-1100-4 Firmware Dlink dns-1200-05 Dlink dns-322l Firmware Dlink dns-726-4 Dlink dns-325 Dlink dns-340l Dlink dns-325 Firmware Dlink dns-315l Firmware
CPE		cpe:2.3:h:dlink:dns-322l:-:::::::* cpe:2.3:o:dlink:dns-1550-04_firmware:::::::: cpe:2.3:o:dlink:dns-345_firmware:::::::: cpe:2.3:o:dlink:dnr-326_firmware:::::::: cpe:2.3:o:dlink:dns-1100-4_firmware:::::::: cpe:2.3:h:dlink:dnr-326:-:::::::* cpe:2.3:h:dlink:dns-321:-:::::::* cpe:2.3:h:dlink:dns-320lw:-:::::::* cpe:2.3:o:dlink:dns-327l_firmware:::::::: cpe:2.3:h:dlink:dns-323:-:::::::* cpe:2.3:o:dlink:dns-1200-05_firmware:::::::: cpe:2.3:o:dlink:dns-120_firmware:::::::: cpe:2.3:h:dlink:dns-1200-05:-:::::::* cpe:2.3:h:dlink:dns-726-4:-:::::::* cpe:2.3:h:dlink:dns-1550-04:-:::::::* cpe:2.3:o:dlink:dnr-202l_firmware:::::::: cpe:2.3:h:dlink:dns-320l:-:::::::* cpe:2.3:o:dlink:dns-320lw_firmware:::::::: cpe:2.3:h:dlink:dns-326:-:::::::* cpe:2.3:h:dlink:dns-315l:-:::::::* cpe:2.3:o:dlink:dns-325_firmware:::::::: cpe:2.3:h:dlink:dns-327l:-:::::::* cpe:2.3:h:dlink:dns-345:-:::::::* cpe:2.3:o:dlink:dns-323_firmware:::::::: cpe:2.3:o:dlink:dns-322l_firmware:::::::: cpe:2.3:o:dlink:dns-320_firmware:::::::: cpe:2.3:h:dlink:dns-1100-4:-:::::::* cpe:2.3:h:dlink:dns-343:-:::::::* cpe:2.3:o:dlink:dns-726-4_firmware:::::::: cpe:2.3:o:dlink:dns-320l_firmware:::::::: cpe:2.3:o:dlink:dns-340l_firmware:::::::: cpe:2.3:o:dlink:dns-343_firmware:::::::: cpe:2.3:h:dlink:dnr-202l:-:::::::* cpe:2.3:o:dlink:dns-315l_firmware:::::::: cpe:2.3:h:dlink:dns-320:-:::::::* cpe:2.3:h:dlink:dns-325:-:::::::* cpe:2.3:h:dlink:dns-120:-:::::::* cpe:2.3:h:dlink:dns-340l:-:::::::* cpe:2.3:o:dlink:dns-321_firmware:::::::: cpe:2.3:o:dlink:dns-326_firmware::::::::
References	~~() https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md -~~	() https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md - Exploit, Third Party Advisory
References	~~() https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md -~~	() https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md - Exploit, Third Party Advisory
References	~~() https://vuldb.com/submit/780442 -~~	() https://vuldb.com/submit/780442 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/submit/780443 -~~	() https://vuldb.com/submit/780443 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/vuln/354641 -~~	() https://vuldb.com/vuln/354641 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/vuln/354641/cti -~~	() https://vuldb.com/vuln/354641/cti - Permissions Required, VDB Entry
References	~~() https://www.dlink.com/ -~~	() https://www.dlink.com/ - Product

01 Apr 2026, 21:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-01 21:17

Updated : 2026-04-07 15:42

NVD link : CVE-2026-5312

Mitre link : CVE-2026-5312

CVE.ORG link : CVE-2026-5312

JSON object : View

Products Affected

dlink

dns-327l
dns-320
dns-323_firmware
dns-1200-05_firmware
dns-120_firmware
dnr-202l_firmware
dns-315l
dns-1100-4
dns-120
dns-343
dns-1100-4_firmware
dns-1200-05
dns-320l_firmware
dns-343_firmware
dns-726-4_firmware
dns-340l
dns-326
dns-345
dns-320_firmware
dns-325_firmware
dns-320lw_firmware
dns-320lw
dns-340l_firmware
dns-320l
dns-326_firmware
dns-321_firmware
dns-1550-04
dns-325
dns-322l_firmware
dns-322l
dns-726-4
dnr-326
dns-327l_firmware
dnr-326_firmware
dns-323
dns-315l_firmware
dns-321
dns-1550-04_firmware
dns-345_firmware
dnr-202l

CWE

CWE-266

Incorrect Privilege Assignment

CWE-284

Improper Access Control

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2026-5312

5.3^/10

5.0^/10

Attach tags to `CVE-2026-5312`