CVE-2026-5213 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/account_mgr.cgi cgi_adduser_to_session read_list stack-based overflow

A vulnerability identified as critical has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_adduser_to_session of the file /cgi-bin/account_mgr.cgi. This manipulation of the argument read_list causes stack-based buffer overflow.

The identification of this vulnerability is CVE-2026-5213. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-5213 | D-Link DNS-1550-04 up to 20260205 /cgi-bin/account_mgr.cgi cgi_adduser_to_session read_list stack-based overflow

Post correlati

CVE-2024-45001 | Linux Kernel up to 6.6.47/6.10.6 napi_build_skb buffer overflow (65f20b174ec0/e6bea6a45f8a/32316f676b4e)

CVE-2026-2534 | Comfast CF-N1 V2 2.6.0.2 mbox-config?method=SET&section=ptest_bandwidth sub_44AC4C command injection

CVE-2025-4074 | PHPGurukul Curfew e-Pass Management System 1.0 pass-bwdates-report.php fromdate/todate sql injection

CVE-2024-29831 | Apache DolphinScheduler up to 3.2.1 code injection