Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file /cgi-bin/wizard_mgr.cgi. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.
AnalysisAI
Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323 through DNS-1550-04 with firmware prior to 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/wizard_mgr.cgi endpoint. Public exploit code is available and no patch is currently available for affected users.
Technical ContextAI
The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, also known as Injection) and manifests as command injection in the CGI script wizard_mgr.cgi, a web-based management interface common to D-Link network storage appliances. The affected products are network-attached storage (NAS) devices and DNS/DNR series storage servers that rely on web-based administration through CGI scripts. The root cause stems from insufficient input validation and sanitization of parameters passed to the wizard_mgr.cgi function, allowing attackers to inject shell metacharacters or command sequences. D-Link's legacy web administration interfaces frequently exhibited such vulnerabilities due to minimal input filtering in early-generation CGI implementations.
RemediationAI
Firmware updates addressing this vulnerability should be obtained from D-Link's official website (https://www.dlink.com/), where vendors typically publish security advisories and patched firmware builds for each affected model. Users must immediately update all affected D-Link NAS devices to firmware versions released after 20260205. Until patches are applied, implement network-level controls by restricting access to the device's web administration interface (TCP 80/443) to trusted administrative IP addresses only, using firewall rules or access control lists. Disable remote management if not actively required, enforce strong passwords or multi-factor authentication if supported by the device firmware, and monitor for suspicious CGI requests to /cgi-bin/wizard_mgr.cgi in device logs. For critical deployments, consider placing the NAS behind a reverse proxy with request validation and input filtering rules to prevent command injection payloads from reaching the vulnerable endpoint. Check the advisory references at https://nvd.nist.gov/vuln/detail/CVE-2026-4195 and contact D-Link support for device-specific patching timelines.
The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication re
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0)
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated use
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?RE
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), thi
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remot
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an
An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmw
Same technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12262