VAR-202604-0419
Vulnerability from variot - Updated: 2026-04-11 00:02A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. This vulnerability affects files. The method for exploiting the vulnerability has been made public and could be used to carry out attacks.There is a possibility that some of the information handled by the software may be leaked to the outside. However, the information handled by the software will not be rewritten. Furthermore, the software will not stop
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dnr-202l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-343",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-322l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dnr-326",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320lw",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1100-4",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-315l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-345",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-326",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-340l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-327l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-120",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-323",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1200-05",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-321",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-325",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1550-04",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-726-4",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-726-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-340l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-315l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dnr-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1550-04",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-325",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-343",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-345",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-322l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-323",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320lw",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1100-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-327l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1200-05",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dnr-202l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-120",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-321",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"cve": "CVE-2026-5311",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2026-5311",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2026-010317",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2026-5311",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2026-010317",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2026-5311",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2026-010317",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"description": {
"_id": null,
"data": "A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. This vulnerability affects files. The method for exploiting the vulnerability has been made public and could be used to carry out attacks.There is a possibility that some of the information handled by the software may be leaked to the outside. However, the information handled by the software will not be rewritten. Furthermore, the software will not stop",
"sources": [
{
"db": "NVD",
"id": "CVE-2026-5311"
},
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
}
],
"trust": 1.62
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2026-5311",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2026-010317",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"id": "VAR-202604-0419",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6016763333333334
},
"last_update_date": "2026-04-11T00:02:03.907000Z",
"patch": {
"_id": null,
"data": [
{
"title": "//vuldb.com/vuln/354640",
"trust": 0.8,
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.md"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-266",
"trust": 1.0
},
{
"problemtype": "Improper permission settings (CWE-266) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/vuln/354640/cti"
},
{
"trust": 1.0,
"url": "https://vuldb.com/vuln/354640"
},
{
"trust": 1.0,
"url": "https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_171/171.md"
},
{
"trust": 1.0,
"url": "https://vuldb.com/submit/780441"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2026-5311"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2026-5311",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2026-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2026-010317",
"ident": null
},
{
"date": "2026-04-01T20:16:29.950000",
"db": "NVD",
"id": "CVE-2026-5311",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2026-04-09T01:41:00",
"db": "JVNDB",
"id": "JVNDB-2026-010317",
"ident": null
},
{
"date": "2026-04-07T15:43:56.293000",
"db": "NVD",
"id": "CVE-2026-5311",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "D-Link\u00a0Corporation of dnr-202l\u00a0 Multiple vulnerabilities in multiple products, including firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…