← voltar
CVE-2026-4197

D-Link DNS-1550-04 download_mgr.cgi RSS_Item_List command injection

CVSS 5.3 MEDIUMEPSS 16.8%CWE-74CWE-77
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS_Get_Update_Status/RSS_Update/RSS_Channel_AutoDownlaod/RSS_Add/RSS_Channel_Item_Downlaod/RSS_History_Item_List/RSS_Item_List of the file /cgi-bin/download_mgr.cgi. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
D-Link · DNR-202LD-Link · DNR-322LD-Link · DNR-326D-Link · DNS-1100-4D-Link · DNS-120D-Link · DNS-1200-05D-Link · DNS-1550-04D-Link · DNS-315LD-Link · DNS-320D-Link · DNS-320LD-Link · DNS-320LWD-Link · DNS-321D-Link · DNS-323D-Link · DNS-325D-Link · DNS-326D-Link · DNS-327LD-Link · DNS-340LD-Link · DNS-343D-Link · DNS-345D-Link · DNS-726-4

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_102/102.mdhttps://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_103/103.mdhttps://vuldb.com/?ctiid.351109https://vuldb.com/?id.351109https://vuldb.com/?submit.769864https://vuldb.com/?submit.769865https://vuldb.com/?submit.769866https://vuldb.com/?submit.769867https://vuldb.com/?submit.769868https://vuldb.com/?submit.769869https://vuldb.com/?submit.769870https://vuldb.com/?submit.770363