VAR-202604-0545
Vulnerability from variot - Updated: 2026-04-11 00:02A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. D-Link of DNS-120 , DNR-202L , DNS-315L , DNS-320 , DNS-320L , DNS-320LW , DNS-321 , DNR-322L , DNS-323 , DNS-325 , DNS-326 , DNS-327L , DNR-326 , DNS-340L , DNS-343 , DNS-345 , DNS-726-4 , DNS-1100-4 , DNS-1200-05 and DNS-1550-04 (( 2026 Year 2 Moon 5 A vulnerability was identified (up to [date]). Exploits for this vulnerability are publicly available and could be used to attack.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, part of the software may stop functioning. Furthermore, attacks exploiting this vulnerability will not affect other software
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dnr-202l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-343",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-322l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dnr-326",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320lw",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1100-4",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-315l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-345",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-326",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-340l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-327l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-323",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-120",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1200-05",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-321",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-325",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1550-04",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-726-4",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-726-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-340l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-315l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dnr-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1550-04",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-325",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-343",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-345",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-322l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-323",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320lw",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1100-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-327l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1200-05",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dnr-202l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-120",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-321",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"cve": "CVE-2026-5312",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2026-5312",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "OTHER",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2026-010316",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2026-5312",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2026-010316",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2026-5312",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2026-010316",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"description": {
"_id": null,
"data": "A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. D-Link of DNS-120 , DNR-202L , DNS-315L , DNS-320 , DNS-320L , DNS-320LW , DNS-321 , DNR-322L , DNS-323 , DNS-325 , DNS-326 , DNS-327L , DNR-326 , DNS-340L , DNS-343 , DNS-345 , DNS-726-4 , DNS-1100-4 , DNS-1200-05 and DNS-1550-04 (( 2026 Year 2 Moon 5 A vulnerability was identified (up to [date]). Exploits for this vulnerability are publicly available and could be used to attack.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, part of the software may stop functioning. Furthermore, attacks exploiting this vulnerability will not affect other software",
"sources": [
{
"db": "NVD",
"id": "CVE-2026-5312"
},
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
}
],
"trust": 1.62
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2026-5312",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2026-010316",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"id": "VAR-202604-0545",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6016763333333334
},
"last_update_date": "2026-04-11T00:02:03.860000Z",
"patch": {
"_id": null,
"data": [
{
"title": "https",
"trust": 0.8,
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-266",
"trust": 1.0
},
{
"problemtype": "Improper permission settings (CWE-266) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/submit/780442"
},
{
"trust": 1.0,
"url": "https://vuldb.com/vuln/354641"
},
{
"trust": 1.0,
"url": "https://vuldb.com/submit/780443"
},
{
"trust": 1.0,
"url": "https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_172/172.md"
},
{
"trust": 1.0,
"url": "https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_173/173.md"
},
{
"trust": 1.0,
"url": "https://vuldb.com/vuln/354641/cti"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2026-5312"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2026-5312",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2026-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2026-010316",
"ident": null
},
{
"date": "2026-04-01T21:17:03.613000",
"db": "NVD",
"id": "CVE-2026-5312",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2026-04-09T01:41:00",
"db": "JVNDB",
"id": "JVNDB-2026-010316",
"ident": null
},
{
"date": "2026-04-07T15:42:59.280000",
"db": "NVD",
"id": "CVE-2026-5312",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "D-Link\u00a0Corporation of dnr-202l\u00a0 Multiple vulnerabilities in multiple products, including firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…