What is the CVSS score of CVE-2026-4213?

CVE-2026-4213 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Dns 120 are affected by CVE-2026-4213?

D-Link NAS devices are vulnerable to a high-severity buffer overflow attack that allows authenticated users to take complete control of affected systems.

Is there a public PoC exploit available for CVE-2026-4213?

Yes, a public proof-of-concept exploit is available for CVE-2026-4213. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-4213?

Within 24 hours: Identify all D-Link NAS devices in your environment and restrict network access to the CGI management interface to authorized administrators only. Within 7 days: Isolate affected NAS devices to a segmented network if they contain sensitive data, review access logs for suspicious activity, and contact D-Link support for patch timelines. Within 30 days: Develop a remediation plan including device replacement, upgrade to patched firmware versions when available, or decommissioning of unsupported models.

Dns 120 CVE-2026-4213

EUVD-2026-12327 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-16 VulDB

Stack Overflow Buffer Overflow D-Link Dns 120 Dns 340l Dns 1200 05 Dns 345 Dns 321 Dns 323 Dns 343 Dns 320 Dns 325 Dns 327l Dns 726 4 Dns 1550 04 Dns 1100 4 Dnr 202l Dnr 326 Dnr 322l Dns 315l Dns 320l Dns 320lw Dns 326

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

EUVD ID Assigned

Mar 16, 2026 - 05:00 euvd

EUVD-2026-12327

Analysis Generated

Mar 16, 2026 - 05:00 vuln.today

CVE Published

Mar 16, 2026 - 04:02 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cgi_myfavorite_del_user/cgi_myfavorite_verify of the file /cgi-bin/gui_mgr.cgi. Performing a manipulation results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

AnalysisAI

Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to D-Link NAS web interface

Exploit

Send crafted request to /cgi-bin/gui_mgr.cgi

Execution

Trigger stack-based buffer overflow in cgi_myfavorite_del_user or cgi_myfavorite_verify

Impact

Execute arbitrary code with device privileges

Access

Authenticate to D-Link NAS web interface

Exploit

Send crafted request to /cgi-bin/gui_mgr.cgi

Execution

Trigger stack-based buffer overflow in cgi_myfavorite_del_user or cgi_myfavorite_verify

Impact

Execute arbitrary code with device privileges

Vulnerability AssessmentAI

Exploitation	Valid user credentials required for authentication to D-Link NAS web interface. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	This represents a high real-world risk based on multiple factors: CVSS 8.8 (High) with network attack vector requiring only low privileges and no user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with valid credentials (potentially default or weak passwords common on NAS devices) can remotely send specially crafted requests to the /cgi-bin/gui_mgr.cgi endpoint, triggering the buffer overflow in the favorite user management functions. This allows arbitrary code execution with the privileges of the CGI process, potentially leading to full device compromise, data theft, or use as a pivot point into the network. …
Remediation	No official patches are currently available from D-Link. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all D-Link NAS devices in your environment and restrict network access to the CGI management interface to authorized administrators only. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-4213 vulnerability details – vuln.today

Back

Dns 120 CVE-2026-4213

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code