CVE-2026-5312

🗓️ 01 Apr 2026 20:30:15Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 12 Views🌐 WEB

CVE-2026-5312 permits improper access via dsk_mgr.cgi Get_current_raidtype in D-Link devices; remote exploit.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-5312	1 Apr 202620:30	–	attackerkb
Circl	CVE-2026-5312	1 Apr 202622:50	–	circl
CNNVD	D-Link多款产品访问控制错误漏洞	1 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-5312 D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control	1 Apr 202620:30	–	cvelist
EUVD	EUVD-2026-18069	1 Apr 202621:30	–	euvd
NVD	CVE-2026-5312	1 Apr 202621:17	–	nvd
Positive Technologies	PT-2026-29614	1 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-5312	2 Apr 202622:55	–	redhatcve
Vulnrichment	CVE-2026-5312 D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control	1 Apr 202620:30	–	vulnrichment

NVD

Vulners

Node

dlink dns-1550-04_firmwareRange≤2026-02-05

AND

dlink dns-1550-04Match-

Node

dlink dns-315l_firmwareRange≤2026-02-05

AND

dlink dns-315lMatch-

Node

dlink dns-320_firmwareRange≤2026-02-05

AND

dlink dns-320Match-

Node

dlink dns-320l_firmwareRange≤2026-02-05

AND

dlink dns-320lMatch-

Node

dlink dns-320lw_firmwareRange≤2026-02-05

AND

dlink dns-320lwMatch-

Node

dlink dns-321_firmwareRange≤2026-02-05

AND

dlink dns-321Match-

Node

dlink dns-322l_firmwareRange≤2026-02-05

AND

dlink dns-322lMatch-

Node

dlink dns-323_firmwareRange≤2026-02-05

AND

dlink dns-323Match-

Node

dlink dns-325_firmwareRange≤2026-02-05

AND

dlink dns-325Match-

Node

dlink dns-326_firmwareRange≤2026-02-05

AND

dlink dns-326Match-

Node

dlink dns-327l_firmwareRange≤2026-02-05

AND

dlink dns-327lMatch-

Node

dlink dns-340l_firmwareRange≤2026-02-05

AND

dlink dns-340lMatch-

Node

dlink dns-343_firmwareRange≤2026-02-05

AND

dlink dns-343Match-

Node

dlink dns-345_firmwareRange≤2026-02-05

AND

dlink dns-345Match-

Node

dlink dns-726-4_firmwareRange≤2026-02-05

AND

dlink dns-726-4Match-

Node

dlink dnr-202l_firmwareRange≤2026-02-05

AND

dlink dnr-202lMatch-

Node

dlink dnr-326_firmwareRange≤2026-02-05

AND

dlink dnr-326Match-

Node

dlink dns-1100-4_firmwareRange≤2026-02-05

AND

dlink dns-1100-4Match-

Node

dlink dns-120_firmwareRange≤2026-02-05

AND

dlink dns-120Match-

Node

dlink dns-1200-05_firmwareRange≤2026-02-05

AND

dlink dns-1200-05Match-

[
  {
    "vendor": "D-Link",
    "product": "DNS-120",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNR-202L",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-315L",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-320",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-320L",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-320LW",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-321",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNR-322L",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-323",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-325",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-326",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-327L",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNR-326",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-340L",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-343",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-345",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-726-4",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-1100-4",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-1200-05",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-1550-04",
    "versions": [
      {
        "version": "20260205",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/354641
github	www.github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md
vuldb	www.vuldb.com/submit/780443
github	www.github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md
vuldb	www.vuldb.com/submit/780442
vuldb	www.vuldb.com/vuln/354641/cti
dlink	www.dlink.com/

Parameter	Position	Path	Description	CWE
FMT_restart	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266
Status_HDInfo	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266
SMART_List	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266
ScanDisk_info	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266
ScanDisk	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266
volume_status	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266
Get_Volume_Mapping	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266
FMT_check_disk_remount_state	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266
FMT_rebuildinfo	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266
FMT_result_list	path	/cgi-bin/dsk_mgr.cgi	Remote exploit on affected D-Link NAS devices via /cgi-bin/dsk_mgr.cgi allowing manipulation of multiple functions and leading to improper access controls.	CWE-284, CWE-266

17 Jun 2026 10:58Current

5.8Medium risk

Vulners AI Score5.8

CVSS 25

CVSS 3.15.3

CVSS 46.9

CVSS 35.3

EPSS0.0054

SSVC