| Metric | Value |
|---|---|
| CVEs | 79 |
| Critical | 3 |
| High | 60 |
| KEV | 0 |
| PoC | 36 |
| Unpatched C/H | 62 |
| Patch Rate | 1.3% |
| Avg EPSS | 0.1% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 3 |
| HIGH | 60 |
| MEDIUM | 16 |
| LOW | 0 |

Affected Products (30)

| Product | Count |
|---|---|
| Command Injection | 137 |
| Stack Overflow | 60 |
| Dir 823x Firmware | 37 |
| Dir 513 Firmware | 34 |
| Dir 619l Firmware | 28 |
| Dir 816 Firmware | 26 |
| Dwr M960 Firmware | 22 |
| Dir 605l Firmware | 17 |
| PHP | 15 |
| Dnr 202l | 11 |
| Dnr 322l | 11 |
| Dns 327l | 11 |
| Dns 315l | 11 |
| Dnr 326 | 11 |
| Dns 1200 05 | 11 |
| Di 7003G Firmware | 11 |
| Dns 345 | 11 |
| Dns 1550 04 | 11 |
| Dns 326 | 11 |
| Dns 320lw | 11 |
| Dns 340l | 11 |
| Dns 325 | 11 |
| Dns 321 | 11 |
| Dns 1100 4 | 11 |
| Dns 120 | 11 |
| Dns 343 | 11 |
| Dns 320 | 11 |
| Dns 320l | 11 |
| Dns 323 | 11 |
| Dns 726 4 | 11 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-4183 | Critical stack-based buffer overflow vulnerability in D-Link DIR-816 router firmware version 1.10CNB05, affecting the wireless configuration interface (/goform/form2WlanBasicSetup.cgi). A publicly available proof-of-concept exploit exists, allowing remote attackers without authentication to achieve complete system compromise. The vulnerability affects end-of-life products no longer supported by D-Link, making patches unlikely. | CRITICAL | 9.8 | 0.1% | 69 | PoC, No patch |
| CVE-2026-4182 | Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to achieve full system compromise without authentication. A public proof-of-concept exploit is available on GitHub, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices. | CRITICAL | 9.8 | 0.1% | 69 | PoC, No patch |
| CVE-2026-4184 | Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available on GitHub, making this vulnerability actively exploitable. However, D-Link no longer supports this product, meaning no patch will be released. | CRITICAL | 9.8 | 0.1% | 69 | PoC, No patch |
| CVE-2026-4181 | Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (firmware version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices. | HIGH | 8.9 | 0.1% | 65 | PoC, No patch |
| CVE-2026-4213 | Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected firmware versions are dated up to February 5, 2026. | HIGH | 8.8 | 0.1% | 64 | PoC, No patch |
| CVE-2026-4188 | Remote code execution in D-Link DIR-619L 2.06B01 results from a stack-based buffer overflow in the formSchedule function when the curTime parameter is manipulated via the /goform/formSchedule endpoint. An authenticated remote attacker can exploit this vulnerability to achieve full system compromise, and public exploit code is currently available. This vulnerability affects only end-of-life devices that no longer receive security updates. | HIGH | 8.8 | 0.0% | 64 | PoC, No patch |
| CVE-2026-4211 | Stack-based buffer overflow in D-Link DNS and DNR network storage devices allows authenticated remote attackers to execute arbitrary code by manipulating the f_idx parameter in the local_backup_mgr.cgi endpoint. Public exploit code exists for this vulnerability, which affects multiple device models up to firmware version 20260205 with no patch currently available. An attacker with valid credentials can trigger memory corruption to achieve complete system compromise including code execution, data theft, and service disruption. | HIGH | 8.8 | 0.0% | 64 | PoC, No patch |
| CVE-2026-4212 | Stack-based buffer overflow in D-Link DNS NAS devices (DNS-120 through DNS-1550-04) allows authenticated attackers to achieve remote code execution via the Downloads_Schedule_Info function in /cgi-bin/download_mgr.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability. | HIGH | 8.8 | 0.0% | 64 | PoC, No patch |
| CVE-2026-4214 | Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available. | HIGH | 8.8 | 0.0% | 64 | PoC, No patch |
| CVE-2026-4529 | Stack-based buffer overflow in the SOAP Handler of unsupported D-Link DHP-1320 1.00WWB04 devices allows authenticated remote attackers to achieve complete system compromise through the redirect_count_down_page function. Public exploit code exists for this vulnerability, which carries a high risk given the affected devices are no longer maintained. Successful exploitation enables arbitrary code execution with full confidentiality, integrity, and availability impact. | HIGH | 8.8 | 0.0% | 64 | PoC, No patch |
| CVE-2026-4486 | Remote code execution in D-Link DIR-513 1.10 via stack-based buffer overflow in the /goform/formEasySetPassword endpoint allows unauthenticated attackers to achieve full system compromise through a malicious curTime parameter. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with network access can execute arbitrary code with high privileges without user interaction. | HIGH | 7.4 | 0.1% | 57 | PoC, No patch |
| CVE-2026-5212 | Stack-based buffer overflow in D-Link NAS devices enables authenticated remote attackers to execute arbitrary code with full system privileges. Affecting 20+ end-of-life D-Link DNS and DNR network storage models through firmware version 20260205, the flaw resides in the Webdav_Upload_File function within /cgi-bin/webdav_mgr.cgi. Publicly available exploit code exists, significantly lowering the barrier to exploitation. CVSS 8.8 (High) reflects network-accessible attack requiring only low-privilege authentication with no user interaction. Organizations using these legacy devices face immediate risk of complete confidentiality, integrity, and availability compromise. | HIGH | 7.4 | 0.1% | 57 | PoC, No patch |
| CVE-2026-4555 | Remote code execution in D-Link DIR-513 1.10 through stack-based buffer overflow in the /goform/formEasySetTimezone endpoint allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges. | HIGH | 7.4 | 0.0% | 57 | PoC, No patch |
| CVE-2026-5024 | Stack-based buffer overflow in D-Link DIR-513 1.10 router's email configuration interface allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability affects the formSetEmail function via manipulation of the curTime parameter. Publicly available exploit code exists on GitHub, significantly lowering the exploitation barrier. CRITICAL LIMITATION: This product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices. CVSS 8.8 with low attack complexity and CVSS:3.1 Exploit Maturity 'Proof-of-Concept' confirms immediate exploitability. | HIGH | 7.4 | 0.0% | 57 | PoC, No patch |
| CVE-2026-5211 | Stack-based buffer overflow in D-Link NAS devices enables remote code execution with high integrity impact for authenticated users. The vulnerability resides in the UPnP_AV_Server_Path_Del function within /cgi-bin/app_mgr.cgi, exploitable via manipulation of the f_dir parameter. With CVSS 8.8 (High), low attack complexity (AC:L), network accessibility (AV:N), and publicly available exploit code, this represents an elevated threat to approximately 20 legacy D-Link NAS models through firmware versions up to 20260205. No vendor-released patch identified at time of analysis, and many affected models appear to be end-of-life products. | HIGH | 7.4 | 0.0% | 57 | PoC, No patch |