High severity7.3NVD Advisory· Published Mar 16, 2026· Updated Apr 29, 2026

CVE-2026-4194

Description

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_set_wto of the file /cgi-bin/system_mgr.cgi. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Affected products

Dlink/Dnr 202l Firmware
cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dnr 326 Firmware
cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 1100 4 Firmware
cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 1200 05 Firmware
cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 120 Firmware
cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 1550 04 Firmware
cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 315l Firmware
cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 320 Firmware
cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 320l Firmware
cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 320lw Firmware
cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 321 Firmware
cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 322l Firmware
cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 323 Firmware
cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 325 Firmware
cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 326 Firmware
cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 327l Firmware
cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 340l Firmware
cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 343 Firmware
cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 345 Firmware
cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 726 4 Firmware
cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_96/96.mdnvdExploitThird Party Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry
www.dlink.comnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000