A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-…

Published:

15 maart 2026 om 23:00:00

Alert date:

16 maart 2026 om 16:21:26

Source:

nvd.nist.gov

Network Infrastructure, Mobile & IoT

A critical stack-based buffer overflow vulnerability has been identified in multiple D-Link NAS devices including DNS and DNR series models. The vulnerability affects the Local_Backup_Info function in /cgi-bin/local_backup_mgr.cgi file through manipulation of the f_idx argument. The flaw can be exploited remotely and public exploit code is available, making it a high-priority security concern. Affected devices include over 20 different D-Link NAS models up to firmware version 20260205. The vulnerability poses significant risk due to its remote exploitability and publicly available exploit code.

Technical details

Mitigation steps:

Affected products:

D-Link DNS-120
D-Link DNR-202L
D-Link DNS-315L
D-Link DNS-320
D-Link DNS-320L
D-Link DNS-320LW
D-Link DNS-321
D-Link DNR-322L
D-Link DNS-323
D-Link DNS-325
D-Link DNS-326
D-Link DNS-327L
D-Link DNR-326
D-Link DNS-340L
D-Link DNS-343
D-Link DNS-345
D-Link DNS-726-4
D-Link DNS-1100-4
D-Link DNS-1200-05
D-Link DNS-1550-04