EUVD-2026-12260CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_set_wto of the file /cgi-bin/system_mgr.cgi. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Analysis
Improper access controls in D-Link NAS devices (DNS-120, DNS-323, DNS-345, DNS-1200-05, and others through firmware version 20260205) allow unauthenticated remote attackers to manipulate the cgi_set_wto function in /cgi-bin/system_mgr.cgi, potentially gaining unauthorized access or modifying system settings. Public exploit code exists for this vulnerability, and no patch is currently available.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all D-Link DNS/DNR devices in scope and assess network exposure; isolate affected devices to restricted networks if possible. Within 7 days: Implement network-level controls (WAF rules, IP whitelisting, VPN-only access) to restrict access to /cgi-bin/system_mgr.cgi; disable the affected cgi_set_wto function if feasible through device configuration. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today