CVE-2026-4203 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/network_mgr.cgi command injection

A vulnerability categorized as critical has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function

cgi_portforwarding_add/cgi_portforwarding_del/cgi_portforwarding_modify/cgi_portforwarding_add_scan/cgi_dhcpd_lease/cgi_ddns/cgi_ip/cgi_dhcpd

of the file /cgi-bin/network_mgr.cgi. The manipulation results in command injection.

This vulnerability is cataloged as CVE-2026-4203. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2026-4203 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/network_mgr.cgi command injection

Post correlati

CVE-2024-2657 | Font Farsi Plugin up to 1.6.6 on WordPress cross site scripting

CVE-2025-22544 | Mind Doodle Visual Sitemaps & Tasks Plugin up to 1.6 on WordPress cross site scripting

CVE-2025-0247 | Mozilla Firefox up to 132.x memory corruption

CVE-2025-5639 | PHPGurukul Notice Board System 1.0 /forgot-password.php email sql injection