HIGHCVE-2026-4213Published 2026-03-16Modified 2026-03-16CNA VulDB

CVE-2026-4213: D-Link DNS-1550-04 gui_mgr.cgi cgi_myfavorite_verify stack-based overflow

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cgi_myfavorite_del_user/cgi_myfavorite_verify of the file /cgi-bin/gui_mgr.cgi. Performing a manipulation results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 20

Affected packages

D-Link / DNS-120
20260205
D-Link / DNR-202L
20260205
D-Link / DNS-315L
20260205
D-Link / DNS-320
20260205
D-Link / DNS-320L
20260205
D-Link / DNS-320LW
20260205
D-Link / DNS-321
20260205
D-Link / DNR-322L
20260205
D-Link / DNS-323
20260205
D-Link / DNS-325
20260205
D-Link / DNS-326
20260205
D-Link / DNS-327L
20260205
D-Link / DNR-326
20260205
D-Link / DNS-340L
20260205
D-Link / DNS-343
20260205
D-Link / DNS-345
20260205
D-Link / DNS-726-4
20260205
D-Link / DNS-1100-4
20260205
D-Link / DNS-1200-05
20260205
D-Link / DNS-1550-04
20260205

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

Metrics