CVE-2026-4197
Severity CVSS v4.0:
MEDIUM
Type:
CWE-74
Injection
Publication date:
16/03/2026
Last modified:
16/03/2026
Description
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS_Get_Update_Status/RSS_Update/RSS_Channel_AutoDownlaod/RSS_Add/RSS_Channel_Item_Downlaod/RSS_History_Item_List/RSS_Item_List of the file /cgi-bin/download_mgr.cgi. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Impact
Base Score 4.0
5.30
Severity 4.0
MEDIUM
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
6.50
Severity 2.0
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_102/102.md
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_103/103.md
- https://vuldb.com/?ctiid_351109=
- https://vuldb.com/?id_351109=
- https://vuldb.com/?submit_769864=
- https://vuldb.com/?submit_769865=
- https://vuldb.com/?submit_769866=
- https://vuldb.com/?submit_769867=
- https://vuldb.com/?submit_769868=
- https://vuldb.com/?submit_769869=
- https://vuldb.com/?submit_769870=
- https://vuldb.com/?submit_770363=
- https://vuldb.com/?submit_770364=
- https://www.dlink.com/