CVE-2026-5312 (GCVE-0-2026-5312)

Vulnerability from cvelistv5 – Published: 2026-04-01 20:30 – Updated: 2026-04-02 13:13
VLAI?
Title
D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control
Summary
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity ?
6.9 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
5.3 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
    D-Link DNR-202L Affected: 20260205
Create a notification for this product.
    D-Link DNS-315L Affected: 20260205
Create a notification for this product.
    D-Link DNS-320 Affected: 20260205
Create a notification for this product.
    D-Link DNS-320L Affected: 20260205
Create a notification for this product.
    D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
    D-Link DNS-321 Affected: 20260205
Create a notification for this product.
    D-Link DNR-322L Affected: 20260205
Create a notification for this product.
    D-Link DNS-323 Affected: 20260205
Create a notification for this product.
    D-Link DNS-325 Affected: 20260205
Create a notification for this product.
    D-Link DNS-326 Affected: 20260205
Create a notification for this product.
    D-Link DNS-327L Affected: 20260205
Create a notification for this product.
    D-Link DNR-326 Affected: 20260205
Create a notification for this product.
    D-Link DNS-340L Affected: 20260205
Create a notification for this product.
    D-Link DNS-343 Affected: 20260205
Create a notification for this product.
    D-Link DNS-345 Affected: 20260205
Create a notification for this product.
    D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
    D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
    D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
    D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
Ziyue Xie (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5312",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T13:12:44.950286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T13:13:05.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ziyue Xie (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T20:30:15.569Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-354641 | D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/354641"
        },
        {
          "name": "VDB-354641 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/354641/cti"
        },
        {
          "name": "Submit #780442 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/780442"
        },
        {
          "name": "Submit #780443 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/780443"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-01T14:18:51.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5312",
    "datePublished": "2026-04-01T20:30:15.569Z",
    "dateReserved": "2026-04-01T12:13:37.400Z",
    "dateUpdated": "2026-04-02T13:13:05.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-5312",
      "date": "2026-04-15",
      "epss": "0.00084",
      "percentile": "0.24389"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-5312\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2026-04-01T21:17:03.613\",\"lastModified\":\"2026-04-07T15:42:59.280\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"},{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"FAE008F5-7F73-4572-B575-FF0AD3FA2A78\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E691E775-382C-4BA9-AA44-FBC3148D3E54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"0D1F595A-2595-4D20-A7F7-D0D954F72554\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C5CED7-55A7-4026-95CD-A2ADB5853823\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"8E07DE4E-1B8A-4B92-BBFB-7EAED86F04FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"CF83B802-8DD9-48D3-9DAC-C24774163FA4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C677E53-6885-4EC4-A7CC-E24E8F445F59\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"7F8FFDF4-6DDA-4FD8-A0E8-19C31187DBAD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45467ABC-BAA9-4EB0-9F97-92E31854CA8B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"37D1BADB-2F38-40B0-A709-098C89249763\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A278BC9-6197-43D9-93C2-3DF760856FB7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"984FFAAE-E211-4CDA-9C5A-663DCA8867E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82DD4836-A87C-42CC-A41B-B97B1BCA4886\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"90990A02-23AC-4A71-9095-C703C2F718CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94ED678A-AB4C-4637-B0D8-C232A0BB5D5F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"3DCCD0CB-A8C6-455F-9888-A86BB933E68E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8042169D-D9FA-4BD6-90D1-E0DE269E42B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"7B8293E4-993E-43E8-8FD0-F76DF42F1EA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26F4F77-A6E3-4D7D-A781-BEB5FF7BC44F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"D4823E56-B773-4855-AAA1-204ECCB443F3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB305B29-7F89-4A52-9ECF-3DB0BDD2350D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"70B8EE5F-52E8-48CC-A08B-0F18976078B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0646B20C-5642-4CEA-A96C-7E82AD94A281\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"AE10B057-CB8F-4DAA-8F4F-790EC3D828A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F968791D-D3BD-442C-818E-4E878B12776D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"F90663BB-9C43-472F-9E79-91566C0DA82E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7E56821-7EA0-4CA1-BA17-7FD4ED9F794C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"9CBA8638-A030-43BC-A86F-09BA6F9189B8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75E5010F-21BA-4B6B-B00C-2688268FD67B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"E20A03F5-6985-4917-8E5B-48963FB62AF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07A92F2C-16FD-4A53-8066-83FEC2818DF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"926D7527-749C-4EDC-BF6A-76A199D5C1B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33CB308B-CF82-4E40-B2DC-23EBD48CD130\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"84EB9230-7817-44C4-B248-BA9C1CEC2A41\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5D08ED7-3E7F-4D30-890E-6535F6C34682\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"F37C8F08-CEE9-4D2B-A273-B0AB57B874B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E161E54-2FE9-4359-9B2D-8700D00DE8E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2026-02-05\",\"matchCriteriaId\":\"E85AC494-B63A-450E-BCDA-EC9C53A90A5A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D042C75D-6731-46B2-B11E-A009B9029B3F\"}]}]}],\"references\":[{\"url\":\"https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/submit/780442\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/submit/780443\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/vuln/354641\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/vuln/354641/cti\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://www.dlink.com/\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Product\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-5312\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-02T13:12:44.950286Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-02T13:12:54.206Z\"}}], \"cna\": {\"title\": \"D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Ziyue Xie (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5, \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"vendor\": \"D-Link\", \"product\": \"DNS-120\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNR-202L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-315L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-320\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-320L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-320LW\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-321\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNR-322L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-323\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-325\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-326\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-327L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNR-326\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-340L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-343\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-345\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-726-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-1100-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-1200-05\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-1550-04\", \"versions\": [{\"status\": \"affected\", \"version\": \"20260205\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-01T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2026-04-01T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-04-01T14:18:51.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/vuln/354641\", \"name\": \"VDB-354641 | D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/vuln/354641/cti\", \"name\": \"VDB-354641 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/submit/780442\", \"name\": \"Submit #780442 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://vuldb.com/submit/780443\", \"name\": \"Submit #780443 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls (Duplicate)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md\", \"tags\": [\"related\"]}, {\"url\": \"https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.dlink.com/\", \"tags\": [\"product\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper Access Controls\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-266\", \"description\": \"Incorrect Privilege Assignment\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-04-01T20:30:15.569Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-5312\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-02T13:13:05.014Z\", \"dateReserved\": \"2026-04-01T12:13:37.400Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2026-04-01T20:30:15.569Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.