CVE-2026-4205 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/app_mgr.cgi command injection

A vulnerability labeled as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_refresh_db/FTP_Server_BlockIP_Add/FTP_Server_BlockIP_Del of the file /cgi-bin/app_mgr.cgi. Such manipulation leads to command injection.

This vulnerability is documented as CVE-2026-4205. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-4205 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/app_mgr.cgi command injection

Post correlati

CVE-2024-37380 | Ubiquiti UniFi U6+ Access Point up to 6.6.73 VLAN Traffic access control

CVE-2024-9321 | SourceCodester Online Railway Reservation System 1.0 view_details.php id access control

CVE-2024-31819 | WWBN Avideo up to 12.4/14.2 submitIndex.php systemRootPath Privilege Escalation

CVE-2024-48866 | QNAP QTS/QuTS hero URL url encoding (qsa-24-49)