A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-…

A stack-based buffer overflow vulnerability (CVE-2026-5212) has been discovered in multiple D-Link network devices including DNS and DNR series models up to version 20260205. The vulnerability affects the Webdav_Upload_File function in /cgi-bin/webdav_mgr.cgi through manipulation of the f_file argument. This security flaw can be exploited remotely and public exploits are available. The vulnerability impacts over 20 different D-Link device models including DNS-120, DNS-320 series, DNS-1100-4, and others. Given the remote exploitation capability and public disclosure of exploits, this represents a significant security risk for affected D-Link infrastructure devices.