VYPR
Medium severity6.3NVD Advisory· Published Mar 16, 2026· Updated Apr 29, 2026

CVE-2026-4207

CVE-2026-4207

Description

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_device/cgi_sms_test/cgi_firmware_upload/cgi_ntp_time of the file /cgi-bin/system_mgr.cgi. Executing a manipulation can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

23
  • cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
    • cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
    • cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
    • cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
    • cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*
    Range: <=2026-02-05
  • Dlink/DNR-326llm-create
    Range: <= 20260205
  • Dlink/DNS-1550-04llm-create
    Range: <= 20260205
  • Dlink/DNS-320llm-fuzzy
    Range: <= 20260205

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.