CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-8273

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.9%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 5.8

References

https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/D-Link%20DNS-320%20%20system_mgraccount_mgrdsk_mgrapp_mgr%20Multiple%20CGI%20OS%20Command%20Injection.md
https://vuldb.com/submit/810082
https://vuldb.com/vuln/362570
https://vuldb.com/vuln/362570/cti
https://www.dlink.com/
https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/D-Link%20DNS-320%20%20system_mgraccount_mgrdsk_mgrapp_mgr%20Multiple%20CGI%20OS%20Command%20Injection.md
https://vuldb.com/submit/810082

Products affected by CVE-2026-8273

Dlink » Dns-320 » Version: N/A

cpe:2.3:h:dlink:dns-320:-
Dlink » Dns-320 Firmware » Version: 2.06b01

cpe:2.3:o:dlink:dns-320_firmware:2.06b01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-8273

Products

Pricing

Contact Us