CVE-2026-4207 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/system_mgr.cgi command injection

A vulnerability described as critical has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_device/cgi_sms_test/cgi_firmware_upload/cgi_ntp_time of the file /cgi-bin/system_mgr.cgi. Executing a manipulation can lead to command injection.

This vulnerability appears as CVE-2026-4207. The attack may be performed from remote. In addition, an exploit is available.

CVE-2026-4207 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/system_mgr.cgi command injection

Post correlati

CVE-2023-4311 | Vrm 360 3D Model Viewer Plugin up to 1.2.1 on WordPress Shortcode unrestricted upload

CVE-2024-3050 | Paul Ryley Site Reviews Plugin up to 6.x on WordPress Header authentication spoofing

CVE-2025-48500 | F5 BIG-IP APM up to 15.1.10/16.1.6/17.1.2/17.5.1 integrity check (K000151782)

CVE-2024-23212 | Apple watchOS memory corruption