Aggregator

CVE-2026-4197 | D-Link DNS-1550-04 up to 20260205 download_mgr.cgi command injection

VulDB Recent Entries
3 days 11 hours ago
A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS_Get_Update_Status/RSS_Update/RSS_Channel_AutoDownlaod/RSS_Add/RSS_Channel_Item_Downlaod/RSS_History_Item_List/RSS_Item_List of the file /cgi-bin/download_mgr.cgi. The manipulation results in command injection. This vulnerability was named CVE-2026-4197. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2026-4196 | D-Link DNS-1550-04 up to 20260205 remote_backup.cgi command injection

VulDB Recent Entries
3 days 11 hours ago
A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_recovery/cgi_backup_now/cgi_set_schedule/cgi_set_rsync_server of the file /cgi-bin/remote_backup.cgi. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2026-4196. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2026-4195 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/wizard_mgr.cgi command injection

VulDB Recent Entries
3 days 11 hours ago
A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file /cgi-bin/wizard_mgr.cgi. Executing a manipulation can lead to command injection. This vulnerability is handled as CVE-2026-4195. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-4194 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/system_mgr.cgi cgi_set_wto access control

VulDB Recent Entries
3 days 11 hours ago
A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_set_wto of the file /cgi-bin/system_mgr.cgi. Performing a manipulation results in improper access controls. This vulnerability is known as CVE-2026-4194. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is suggested to use restrictive firewalling.
vuldb.com

Managed ad