D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control_CVE-2026-5312

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

Basic Information

ID CVE-2026-5312

Source VulDB

Published Apr 1, 2026 at 20:30

Modified Apr 2, 2026 at 13:13

Affected Product

Vendor D-Link

Product DNS-120

Version 20260205

Affected Versions D-Link DNS-120 20260205
D-Link DNR-202L 20260205
D-Link DNS-315L 20260205
D-Link DNS-320 20260205
D-Link DNS-320L 20260205
D-Link DNS-320LW 20260205
D-Link DNS-321 20260205
D-Link DNR-322L 20260205
D-Link DNS-323 20260205
D-Link DNS-325 20260205
D-Link DNS-326 20260205
D-Link DNS-327L 20260205
D-Link DNR-326 20260205
D-Link DNS-340L 20260205
D-Link DNS-343 20260205
D-Link DNS-345 20260205
D-Link DNS-726-4 20260205
D-Link DNS-1100-4 20260205
D-Link DNS-1200-05 20260205
D-Link DNS-1550-04 20260205

CWE Classification

CWE-284 CWE-266

References

{
    "lastseen": "",
    "description": "A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-04-01T20:30:15.569Z",
    "modified": "2026-04-02T13:13:05.014Z",
    "type": "cve",
    "title": "D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/354641\nhttps://vuldb.com/vuln/354641/cti\nhttps://vuldb.com/submit/780442\nhttps://vuldb.com/submit/780443\nhttps://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md\nhttps://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md\nhttps://www.dlink.com/",
    "id": "CVE-2026-5312",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "D-Link DNS-120 20260205\nD-Link DNR-202L 20260205\nD-Link DNS-315L 20260205\nD-Link DNS-320 20260205\nD-Link DNS-320L 20260205\nD-Link DNS-320LW 20260205\nD-Link DNS-321 20260205\nD-Link DNR-322L 20260205\nD-Link DNS-323 20260205\nD-Link DNS-325 20260205\nD-Link DNS-326 20260205\nD-Link DNS-327L 20260205\nD-Link DNR-326 20260205\nD-Link DNS-340L 20260205\nD-Link DNS-343 20260205\nD-Link DNS-345 20260205\nD-Link DNS-726-4 20260205\nD-Link DNS-1100-4 20260205\nD-Link DNS-1200-05 20260205\nD-Link DNS-1550-04 20260205",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DNS-120",
    "version": "20260205",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}