CVE-2026-4203
Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-74
Neutralización incorrecta de elementos especiales en la salida utilizada por un componente interno (Inyección)
Fecha de publicación:
16/03/2026
Última modificación:
16/03/2026
Descripción
*** Pendiente de traducción *** A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_portforwarding_add/cgi_portforwarding_del/cgi_portforwarding_modify/cgi_portforwarding_add_scan/cgi_dhcpd_lease/cgi_ddns/cgi_ip/cgi_dhcpd of the file /cgi-bin/network_mgr.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used.
Impacto
Puntuación base 4.0
5.30
Gravedad 4.0
MEDIA
Puntuación base 3.x
6.30
Gravedad 3.x
MEDIA
Puntuación base 2.0
6.50
Gravedad 2.0
MEDIA
Referencias a soluciones, herramientas e información
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_122/122.md
- https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_123/123.md
- https://vuldb.com/?ctiid_351115=
- https://vuldb.com/?id_351115=
- https://vuldb.com/?submit_770401=
- https://vuldb.com/?submit_770402=
- https://vuldb.com/?submit_770403=
- https://vuldb.com/?submit_770404=
- https://vuldb.com/?submit_770405=
- https://vuldb.com/?submit_770406=
- https://vuldb.com/?submit_770407=
- https://vuldb.com/?submit_770408=
- https://www.dlink.com/