Vulnerability Details CVE-2026-4213
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cgi_myfavorite_del_user/cgi_myfavorite_verify of the file /cgi-bin/gui_mgr.cgi. Performing a manipulation results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2026-4213
-
cpe:2.3:h:dlink:dnr-202l:-
-
cpe:2.3:h:dlink:dnr-326:-
-
cpe:2.3:h:dlink:dns-1100-4:-
-
cpe:2.3:h:dlink:dns-1200-05:-
-
cpe:2.3:h:dlink:dns-120:-
-
cpe:2.3:h:dlink:dns-1550-04:-
-
cpe:2.3:h:dlink:dns-315l:-
-
cpe:2.3:h:dlink:dns-320:-
-
cpe:2.3:h:dlink:dns-320l:-
-
cpe:2.3:h:dlink:dns-320lw:-
-
cpe:2.3:h:dlink:dns-321:-
-
cpe:2.3:h:dlink:dns-322l:-
-
cpe:2.3:h:dlink:dns-323:-
-
cpe:2.3:h:dlink:dns-325:-
-
cpe:2.3:h:dlink:dns-326:-
-
cpe:2.3:h:dlink:dns-327l:-
-
cpe:2.3:h:dlink:dns-340l:-
-
cpe:2.3:h:dlink:dns-343:-
-
cpe:2.3:h:dlink:dns-345:-
-
cpe:2.3:h:dlink:dns-726-4:-
-
cpe:2.3:o:dlink:dnr-202l_firmware:-
-
cpe:2.3:o:dlink:dnr-326_firmware:-
-
cpe:2.3:o:dlink:dnr-326_firmware:1.40b03
-
cpe:2.3:o:dlink:dns-1100-4_firmware:-
-
cpe:2.3:o:dlink:dns-1200-05_firmware:-
-
cpe:2.3:o:dlink:dns-120_firmware:-
-
cpe:2.3:o:dlink:dns-1550-04_firmware:-
-
cpe:2.3:o:dlink:dns-315l_firmware:-
-
cpe:2.3:o:dlink:dns-320_firmware:-
-
cpe:2.3:o:dlink:dns-320_firmware:2.00
-
cpe:2.3:o:dlink:dns-320_firmware:2.02
-
cpe:2.3:o:dlink:dns-320_firmware:2.02b01
-
cpe:2.3:o:dlink:dns-320_firmware:2.03
-
cpe:2.3:o:dlink:dns-320_firmware:2.05
-
cpe:2.3:o:dlink:dns-320_firmware:2.05.b10
-
cpe:2.3:o:dlink:dns-320_firmware:2.06b01
-
cpe:2.3:o:dlink:dns-320l_firmware:-
-
cpe:2.3:o:dlink:dns-320l_firmware:1.01.0702.2013
-
cpe:2.3:o:dlink:dns-320l_firmware:1.03.0904.2013
-
cpe:2.3:o:dlink:dns-320l_firmware:1.03b04
-
cpe:2.3:o:dlink:dns-320l_firmware:1.11
-
cpe:2.3:o:dlink:dns-320lw_firmware:-
-
cpe:2.3:o:dlink:dns-320lw_firmware:1.03b04
-
cpe:2.3:o:dlink:dns-321_firmware:-
-
cpe:2.3:o:dlink:dns-322l_firmware:2.00b07
-
cpe:2.3:o:dlink:dns-323_firmware:-
-
cpe:2.3:o:dlink:dns-325_firmware:-
-
cpe:2.3:o:dlink:dns-325_firmware:1.01
-
cpe:2.3:o:dlink:dns-325_firmware:1.05b03
-
cpe:2.3:o:dlink:dns-326_firmware:-
-
cpe:2.3:o:dlink:dns-327l_firmware:-
-
cpe:2.3:o:dlink:dns-327l_firmware:1.00.0409.2013
-
cpe:2.3:o:dlink:dns-327l_firmware:1.02
-
cpe:2.3:o:dlink:dns-327l_firmware:1.09
-
cpe:2.3:o:dlink:dns-340l_firmware:-
-
cpe:2.3:o:dlink:dns-340l_firmware:1.08
-
cpe:2.3:o:dlink:dns-343_firmware:-
-
cpe:2.3:o:dlink:dns-343_firmware:1.0.5
-
cpe:2.3:o:dlink:dns-345_firmware:-
-
cpe:2.3:o:dlink:dns-345_firmware:1.03b06
-
cpe:2.3:o:dlink:dns-726-4_firmware:-