CVE-2026-4196 D-Link DNS-1550-04 remote_backup.cgi cgi_set_rsync_server command injection

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function...

CVE-2026-4196

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function...

CVE-2026-4196 D-Link DNS-1550-04 remote_backup.cgi cgi_set_rsync_server command injection

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function...

CVE-2026-4196

CVE-2026-4196 affects D‑Link DNS-120 and a range of DNS/DNR NAS models (DNS-120, DNS-320/320L/320LW/321/323/325/326/327L, DNS-340L/343/345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04, DNR-202L, and others up to 20260205). The flaw resides in remote_backup.cgi’s functions under /cgi-bin/remot...

CVE-2026-4195 D-Link DNS-1550-04 wizard_mgr.cgi command injection

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file...

CVE-2026-4195 D-Link DNS-1550-04 wizard_mgr.cgi command injection

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file...

CVE-2026-4195

CVE-2026-4195 describes a remote command-injection flaw in multiple D-Link NAS/routers (e.g., DNS-120, DNS-320 series, DNS-1550-04, etc.) via manipulation of the file path /cgi-bin/wizard_mgr.cgi. The affected function is unknown, but exploitation allows arbitrary commands to be executed with net...

CVE-2026-4194

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...

CVE-2026-4194 D-Link DNS-1550-04 system_mgr.cgi cgi_set_wto access control

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...

CVE-2026-4194

CVE-2026-4194 affects multiple D-Link DNS devices (e.g., DNS-120, DNS-320 family, DNS-1550-04, others) with the vulnerable element in the CGI: /cgi-bin/system_mgr.cgi, function cgi_set_wto. The issue is improper access controls due to manipulating this function, enabling remote exploitation. Mult...

CVE-2026-4194 D-Link DNS-1550-04 system_mgr.cgi cgi_set_wto access control

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...

CVE-2026-4193

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function...

CVE-2026-4193 D-Link DIR-823G goahead UpdateClientInfo access control

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function...

CVE-2026-4193

CVE-2026-4193 affects D-Link DIR-823G 1.0.2B05 via the goahead component, impacting numerous Get*/Set* settings (including UpdateClientInfo) and causing improper access controls. The attack could potentially be remote, with a public exploit disclosed. The affected devices are no longer supported ...

CVE-2026-4193 D-Link DIR-823G goahead UpdateClientInfo access control

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function...

CVE-2026-4188 D-Link DIR-619L boa formSchedule stack-based overflow

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely...

CVE-2026-4188

CVE-2026-4188 affects D-Link DIR-619L (firmware 2.06B01). The vulnerability is in the boa component’s formSchedule function; manipulating the curTime argument triggers a stack-based buffer overflow. Exploitation is possible remotely and the exploit has been released publicly. The issue impacts pr...

CVE-2026-4188 D-Link DIR-619L boa formSchedule stack-based overflow

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely...

CVE-2026-4184 D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possib...

CVE-2026-4184

CVE-2026-4184 affects D-Link DIR-816, firmware 1.10CNB05. The vulnerability lies in the goahead component, specifically the /goform/form2Wl5BasicSetup.cgi handler where manipulating the pskValue parameter triggers a stack-based buffer overflow. It is exploitable remotely and the exploit is public...