CVE-2026-4203

CRITICAL WAF: High

CVSS 9.8 Published: 2026-03-16

CWE-77 CWE-77

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_portforwarding_add/cgi_portforwarding_del/cgi_portforwarding_modify/cgi_portforwarding_add_scan/cgi_dhcpd_lease/cgi_ddns/cgi_ip/cgi_dhcpd of the file /cgi-bin/network_mgr.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

WAF Coverage Analysis

Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

Affected Software

Vendor	Product	Version
dlink	dnr-202l_firmware	up to 2026-02-05
dlink	dnr-326_firmware	up to 2026-02-05
dlink	dns-1100-4_firmware	up to 2026-02-05
dlink	dns-120_firmware	up to 2026-02-05
dlink	dns-1200-05_firmware	up to 2026-02-05
dlink	dns-1550-04_firmware	up to 2026-02-05
dlink	dns-315l_firmware	up to 2026-02-05
dlink	dns-320_firmware	up to 2026-02-05
dlink	dns-320l_firmware	up to 2026-02-05
dlink	dns-320lw_firmware	up to 2026-02-05

References

github.com (Exploit, Third Party Advisory)
github.com (Exploit, Third Party Advisory)
vuldb.com (Permissions Required, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)

Back to CVE Database