VYPR
Medium severity6.3NVD Advisory· Published Mar 16, 2026· Updated Apr 29, 2026

CVE-2026-4203

CVE-2026-4203

Description

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_portforwarding_add/cgi_portforwarding_del/cgi_portforwarding_modify/cgi_portforwarding_add_scan/cgi_dhcpd_lease/cgi_ddns/cgi_ip/cgi_dhcpd of the file /cgi-bin/network_mgr.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

21
  • cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
    • cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
    • cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
    • cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
    • cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • Dlink/DNS-320llm-fuzzy
    Range: <=20260205

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.

CVE-2026-4203 · Medium · VYPR