CVE-2026-4209

CRITICAL WAF: High

CVSS 9.8 Published: 2026-03-16

CWE-77 CWE-77

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_import_users/cgi_user_batch_create/cgi_user_set_quota/cgi_user_del/cgi_user_modify/cgi_group_set_quota/cgi_group_modify/cgi_group_add/cgi_user_add/cgi_get_modify_group_info/cgi_chg_admin_pw of the file /cgi-bin/account_mgr.cgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

WAF Coverage Analysis

Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

Affected Software

Vendor	Product	Version
dlink	dnr-202l_firmware	up to 2026-02-05
dlink	dnr-326_firmware	up to 2026-02-05
dlink	dns-1100-4_firmware	up to 2026-02-05
dlink	dns-120_firmware	up to 2026-02-05
dlink	dns-1200-05_firmware	up to 2026-02-05
dlink	dns-1550-04_firmware	up to 2026-02-05
dlink	dns-315l_firmware	up to 2026-02-05
dlink	dns-320_firmware	up to 2026-02-05
dlink	dns-320l_firmware	up to 2026-02-05
dlink	dns-320lw_firmware	up to 2026-02-05

References

github.com (Exploit, Third Party Advisory)
github.com (Exploit, Third Party Advisory)
vuldb.com (Permissions Required, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)

Back to CVE Database