Skip to main content

D-Link CVE-2026-4195

| EUVDEUVD-2026-12262 LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-03-16 cna@vuldb.com
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
6.3 (MEDIUM) 2.1 (LOW)
EUVD ID Assigned
Mar 16, 2026 - 14:30 euvd
EUVD-2026-12262
Analysis Generated
Mar 16, 2026 - 14:30 vuln.today
CVE Published
Mar 16, 2026 - 14:20 nvd
MEDIUM 6.3

DescriptionCVE.org

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file /cgi-bin/wizard_mgr.cgi. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.

AnalysisAI

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323 through DNS-1550-04 with firmware prior to 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/wizard_mgr.cgi endpoint. Public exploit code is available and no patch is currently available for affected users.

Technical ContextAI

The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, also known as Injection) and manifests as command injection in the CGI script wizard_mgr.cgi, a web-based management interface common to D-Link network storage appliances. The affected products are network-attached storage (NAS) devices and DNS/DNR series storage servers that rely on web-based administration through CGI scripts. The root cause stems from insufficient input validation and sanitization of parameters passed to the wizard_mgr.cgi function, allowing attackers to inject shell metacharacters or command sequences. D-Link's legacy web administration interfaces frequently exhibited such vulnerabilities due to minimal input filtering in early-generation CGI implementations.

RemediationAI

Firmware updates addressing this vulnerability should be obtained from D-Link's official website (https://www.dlink.com/), where vendors typically publish security advisories and patched firmware builds for each affected model. Users must immediately update all affected D-Link NAS devices to firmware versions released after 20260205. Until patches are applied, implement network-level controls by restricting access to the device's web administration interface (TCP 80/443) to trusted administrative IP addresses only, using firewall rules or access control lists. Disable remote management if not actively required, enforce strong passwords or multi-factor authentication if supported by the device firmware, and monitor for suspicious CGI requests to /cgi-bin/wizard_mgr.cgi in device logs. For critical deployments, consider placing the NAS behind a reverse proxy with request validation and input filtering rules to prevent command injection payloads from reaching the vulnerable endpoint. Check the advisory references at https://nvd.nist.gov/vuln/detail/CVE-2026-4195 and contact D-Link support for device-specific patching timelines.

More in D-Link

View all
CVE-2015-2051 HIGH POC
8.8 Feb 23

The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication re

CVE-2015-1187 CRITICAL POC
9.8 Sep 21

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr

CVE-2022-26258 CRITICAL POC
9.8 Mar 28

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set

CVE-2014-3936 CRITICAL POC
10.0 Jun 02

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (

CVE-2014-100005 HIGH POC
8.0 Jan 13

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0)

CVE-2015-2049 CRITICAL POC
9.0 Feb 23

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated use

CVE-2017-12943 CRITICAL POC
9.8 Aug 18

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?RE

CVE-2013-7389 MEDIUM POC
4.3 Jul 07

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), thi

CVE-2015-7245 HIGH POC
7.5 Apr 24

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remot

CVE-2024-57045 CRITICAL POC
9.8 Feb 18

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals

CVE-2013-10069 CRITICAL POC
10.0 Aug 05

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an

CVE-2013-10048 CRITICAL POC
9.3 Aug 01

An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmw

Share

CVE-2026-4195 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy