Medium severity5.3NVD Advisory· Published Apr 1, 2026· Updated Apr 7, 2026

CVE-2026-5311

Description

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Affected products

Dlink/Dnr 202l Firmware
cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dnr 326 Firmware
cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 1100 4 Firmware
cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 1200 05 Firmware
cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 120 Firmware
cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 1550 04 Firmware
cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 315l Firmware
cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 320 Firmware
cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 320l Firmware
cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 320lw Firmware
cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 321 Firmware
cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 322l Firmware
cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 323 Firmware
cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 325 Firmware
cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 326 Firmware
cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 327l Firmware
cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 340l Firmware
cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 343 Firmware
cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 345 Firmware
cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05
Dlink/Dns 726 4 Firmware
cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*
Range: <=2026-02-05

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.mdnvdExploitThird Party Advisory
vuldb.com/submit/780441nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/354640nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/354640/ctinvdPermissions RequiredVDB Entry
www.dlink.comnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000