CVE-2026-4197
Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-74
Neutralización incorrecta de elementos especiales en la salida utilizada por un componente interno (Inyección)
Fecha de publicación:
16/03/2026
Última modificación:
16/03/2026
Descripción
*** Pendiente de traducción *** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS_Get_Update_Status/RSS_Update/RSS_Channel_AutoDownlaod/RSS_Add/RSS_Channel_Item_Downlaod/RSS_History_Item_List/RSS_Item_List of the file /cgi-bin/download_mgr.cgi. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Impacto
Puntuación base 4.0
5.30
Gravedad 4.0
MEDIA
Puntuación base 3.x
6.30
Gravedad 3.x
MEDIA
Puntuación base 2.0
6.50
Gravedad 2.0
MEDIA
Referencias a soluciones, herramientas e información
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_102/102.md
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_103/103.md
- https://vuldb.com/?ctiid_351109=
- https://vuldb.com/?id_351109=
- https://vuldb.com/?submit_769864=
- https://vuldb.com/?submit_769865=
- https://vuldb.com/?submit_769866=
- https://vuldb.com/?submit_769867=
- https://vuldb.com/?submit_769868=
- https://vuldb.com/?submit_769869=
- https://vuldb.com/?submit_769870=
- https://vuldb.com/?submit_770363=
- https://vuldb.com/?submit_770364=
- https://www.dlink.com/