📄 Description (English)
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function Webdav_Upload_File of the file /cgi-bin/webdav_mgr.cgi. The manipulation of the argument f_file leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
🤖 AI Executive Summary
A critical stack-based buffer overflow vulnerability exists in D-Link NAS devices (DNS and DNR series) affecting the WebDAV upload functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary code by sending a specially crafted file upload request. With CVSS 8.8 and publicly disclosed exploits available, this poses an immediate threat to organizations using these devices for data storage and backup.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 16:03
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations in banking (SAMA-regulated institutions), government agencies (NCA oversight), healthcare facilities, and energy sector (ARAMCO and subsidiaries) are at significant risk. D-Link NAS devices are widely deployed for centralized backup and file storage across these critical sectors. Exploitation could lead to data exfiltration, ransomware deployment, and operational disruption. Telecom operators (STC, Mobily) using these devices for network infrastructure backups face service continuity risks. The lack of available patches creates an extended vulnerability window.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Facilities
Energy and Utilities
Telecommunications
Education
Manufacturing
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all D-Link DNS/DNR devices in your environment using network scanning tools
2. Disable WebDAV functionality immediately if not required for operations
3. Restrict network access to affected devices using firewall rules - block port 8080 and WebDAV ports (80, 443, 8008) from untrusted networks
4. Implement network segmentation to isolate NAS devices on dedicated VLANs
5. Monitor for suspicious WebDAV upload attempts in device logs
PATCHING GUIDANCE:
- Contact D-Link support for firmware updates as patches become available
- Establish a patch management process for immediate deployment once released
- Consider device replacement if patches are not released within 90 days
COMPENSATING CONTROLS:
1. Deploy Web Application Firewall (WAF) rules to detect and block malformed WebDAV requests
2. Implement intrusion detection/prevention systems (IDS/IPS) with signatures for CVE-2026-5212
3. Enable authentication for WebDAV access and enforce strong credentials
4. Deploy endpoint detection and response (EDR) on systems accessing NAS devices
5. Implement file integrity monitoring on NAS storage
DETECTION RULES:
- Monitor for POST/PUT requests to /cgi-bin/webdav_mgr.cgi with oversized f_file parameters
- Alert on WebDAV requests with payloads exceeding normal file sizes
- Track failed authentication attempts followed by WebDAV upload attempts
- Monitor for unexpected process execution originating from NAS device IP addresses
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة D-Link DNS/DNR في بيئتك باستخدام أدوات المسح
2. تعطيل وظيفة WebDAV فوراً إذا لم تكن مطلوبة للعمليات
3. تقييد الوصول إلى الأجهزة المتأثرة باستخدام قواعد جدار الحماية - حظر المنافذ 8080 و WebDAV
4. تطبيق تقسيم الشبكة لعزل أجهزة NAS على شبكات افتراضية مخصصة
5. مراقبة محاولات تحميل WebDAV المريبة في سجلات الجهاز
إرشادات التصحيح:
- التواصل مع دعم D-Link للحصول على تحديثات البرامج الثابتة
- إنشاء عملية إدارة التصحيحات للنشر الفوري عند توفرها
- النظر في استبدال الجهاز إذا لم يتم إصدار التصحيحات خلال 90 يوماً
الضوابط البديلة:
1. نشر قواعد جدار تطبيقات الويب (WAF) للكشف عن طلبات WebDAV المشوهة
2. تطبيق أنظمة الكشف/الوقاية من الاختراق (IDS/IPS) مع توقيعات CVE-2026-5212
3. تفعيل المصادقة لوصول WebDAV وفرض بيانات اعتماد قوية
4. نشر الكشف والاستجابة على نقاط النهاية (EDR) على الأنظمة التي تصل إلى أجهزة NAS
5. تطبيق مراقبة سلامة الملفات على تخزين NAS
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.12.2.1 - Monitoring and logging
ECC 2024 A.13.1.1 - Network security perimeter
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.IP-12 - System and information integrity
DE.CM-1 - Detection and analysis
RS.RP-1 - Response planning
🟡 ISO 27001:2022
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy and procedures
A.12.2.1 - Information and other assets associated with information processing facilities
A.13.1.1 - Network security perimeter
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches and updates
Requirement 11.2 - Vulnerability scanning
Requirement 12.2 - Configuration standards
🔗 References & Sources 6
🔗
https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_166/166.md
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/submit/780435
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/submit/780436
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/354348
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/354348/cti
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://www.dlink.com/
cna@vuldb.com
Product
📦 Affected Products / CPE 20 entries
dlink:dnr-202l_firmware
dlink:dnr-326_firmware
dlink:dns-1100-4_firmware
dlink:dns-120_firmware
dlink:dns-1200-05_firmware
dlink:dns-1550-04_firmware
dlink:dns-315l_firmware
dlink:dns-320_firmware
dlink:dns-320l_firmware
dlink:dns-320lw_firmware
dlink:dns-321_firmware
dlink:dns-322l_firmware
dlink:dns-323_firmware
dlink:dns-325_firmware
dlink:dns-326_firmware
dlink:dns-327l_firmware
dlink:dns-340l_firmware
dlink:dns-343_firmware
dlink:dns-345_firmware
dlink:dns-726-4_firmware