Skip to main content

Dns 320lw CVE-2026-4214

| EUVDEUVD-2026-12329 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-03-16 VulDB
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
PoC Detected
Mar 16, 2026 - 14:53 vuln.today
Public exploit code
EUVD ID Assigned
Mar 16, 2026 - 05:00 euvd
EUVD-2026-12329
Analysis Generated
Mar 16, 2026 - 05:00 vuln.today
CVE Published
Mar 16, 2026 - 04:32 nvd
HIGH 8.8

DescriptionCVE.org

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function UPnP_AV_Server_Path_Setting of the file /cgi-bin/app_mgr.cgi. Executing a manipulation can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available.

Technical ContextAI

This vulnerability (CWE-121: Stack-based Buffer Overflow) occurs in the /cgi-bin/app_mgr.cgi file's UPnP_AV_Server_Path_Setting function across D-Link's DNS (ShareCenter) and DNR series NAS devices. The affected CPE entries confirm impact across models DNS-120, DNS-315L, DNS-320 series (including L/LW variants), DNS-321, DNS-323, DNS-325, DNS-326, DNS-327L, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04, DNR-202L, DNR-322L, and DNR-326. These are consumer and small business network storage appliances that provide UPnP media server functionality.

RemediationAI

No patch information is currently available in the provided references. The vendor website (https://www.dlink.com/) should be monitored for security advisories. As immediate mitigation: 1) Disable UPnP functionality if not required, 2) Restrict network access to the management interface, 3) Implement network segmentation to isolate NAS devices, 4) Monitor for suspicious activity on the affected /cgi-bin/app_mgr.cgi endpoint. Given the age and variety of affected models, some may be end-of-life without patch support.

Share

CVE-2026-4214 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy