CVE-2026-4203
Severity CVSS v4.0:
MEDIUM
Type:
CWE-74
Injection
Publication date:
16/03/2026
Last modified:
16/03/2026
Description
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_portforwarding_add/cgi_portforwarding_del/cgi_portforwarding_modify/cgi_portforwarding_add_scan/cgi_dhcpd_lease/cgi_ddns/cgi_ip/cgi_dhcpd of the file /cgi-bin/network_mgr.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used.
Impact
Base Score 4.0
5.30
Severity 4.0
MEDIUM
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
6.50
Severity 2.0
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_122/122.md
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_123/123.md
- https://vuldb.com/?ctiid_351115=
- https://vuldb.com/?id_351115=
- https://vuldb.com/?submit_770401=
- https://vuldb.com/?submit_770402=
- https://vuldb.com/?submit_770403=
- https://vuldb.com/?submit_770404=
- https://vuldb.com/?submit_770405=
- https://vuldb.com/?submit_770406=
- https://vuldb.com/?submit_770407=
- https://vuldb.com/?submit_770408=
- https://www.dlink.com/