📄 Description (English)
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_adduser_to_session of the file /cgi-bin/account_mgr.cgi. This manipulation of the argument read_list causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
🤖
Queued for AI Analysis
This CVE will be auto-analyzed on the next cron run.
🔗 References & Sources 5
🔗
https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_168/168.md
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/submit/780437
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/354350
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/354350/cti
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://www.dlink.com/
cna@vuldb.com
Product
📦 Affected Products / CPE 20 entries
dlink:dnr-202l_firmware
dlink:dnr-326_firmware
dlink:dns-1100-4_firmware
dlink:dns-120_firmware
dlink:dns-1200-05_firmware
dlink:dns-1550-04_firmware
dlink:dns-315l_firmware
dlink:dns-320_firmware
dlink:dns-320l_firmware
dlink:dns-320lw_firmware
dlink:dns-321_firmware
dlink:dns-322l_firmware
dlink:dns-323_firmware
dlink:dns-325_firmware
dlink:dns-326_firmware
dlink:dns-327l_firmware
dlink:dns-340l_firmware
dlink:dns-343_firmware
dlink:dns-345_firmware
dlink:dns-726-4_firmware