CVE-2026-4210 - Vulnerability Details

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function cgi_tm_set_share of the file /cgi-bin/time_machine.cgi. The manipulation of the argument Name results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00627.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
D-link Subscribe	Dnr-202l Subscribe Dnr-322l Subscribe Dnr-326 Subscribe Dns-1100-4 Subscribe Dns-120 Subscribe Dns-1200-05 Subscribe Dns-1550-04 Subscribe Dns-315l Subscribe Dns-320 Subscribe Dns-320l Subscribe Dns-320lw Subscribe Dns-321 Subscribe Dns-323 Subscribe Dns-325 Subscribe Dns-326 Subscribe Dns-327l Subscribe Dns-340l Subscribe Dns-343 Subscribe Dns-345 Subscribe Dns-726-4 Subscribe
Dlink Subscribe	Dnr-202l Subscribe Dnr-202l Firmware Subscribe Dnr-326 Subscribe Dnr-326 Firmware Subscribe Dns-1100-4 Subscribe Dns-1100-4 Firmware Subscribe Dns-120 Subscribe Dns-1200-05 Subscribe Dns-1200-05 Firmware Subscribe Dns-120 Firmware Subscribe Dns-1550-04 Subscribe Dns-1550-04 Firmware Subscribe Dns-315l Subscribe Dns-315l Firmware Subscribe Dns-320 Subscribe Dns-320 Firmware Subscribe Dns-320l Subscribe Dns-320l Firmware Subscribe Dns-320lw Subscribe Dns-320lw Firmware Subscribe Dns-321 Subscribe Dns-321 Firmware Subscribe Dns-322l Subscribe Dns-322l Firmware Subscribe Dns-323 Subscribe Dns-323 Firmware Subscribe Dns-325 Subscribe Dns-325 Firmware Subscribe Dns-326 Subscribe Dns-326 Firmware Subscribe Dns-327l Subscribe Dns-327l Firmware Subscribe Dns-340l Subscribe Dns-340l Firmware Subscribe Dns-343 Subscribe Dns-343 Firmware Subscribe Dns-345 Subscribe Dns-345 Firmware Subscribe Dns-726-4 Subscribe Dns-726-4 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dnr-202l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dlink:dnr-326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dlink:dns-1100-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dlink:dns-120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dlink:dns-1200-05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dlink:dns-1550-04_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dlink:dns-315l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dlink:dns-320l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dlink:dns-321_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dlink:dns-322l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dlink:dns-323_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dlink:dns-326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dlink:dns-327l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dlink:dns-343_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dlink:dns-345_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dlink:dns-726-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
D-link Subscribe	Dnr-202l Subscribe Dnr-322l Subscribe Dnr-326 Subscribe Dns-1100-4 Subscribe Dns-120 Subscribe Dns-1200-05 Subscribe Dns-1550-04 Subscribe Dns-315l Subscribe Dns-320 Subscribe Dns-320l Subscribe Dns-320lw Subscribe Dns-321 Subscribe Dns-323 Subscribe Dns-325 Subscribe Dns-326 Subscribe Dns-327l Subscribe Dns-340l Subscribe Dns-343 Subscribe Dns-345 Subscribe Dns-726-4 Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_159/159.md
https://vuldb.com/?ctiid.351121
https://vuldb.com/?id.351121
https://vuldb.com/?submit.770440
https://www.dlink.com/

History

Thu, 19 Mar 2026 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dnr-202l Dlink dnr-202l Firmware Dlink dnr-326 Dlink dnr-326 Firmware Dlink dns-1100-4 Dlink dns-1100-4 Firmware Dlink dns-120 Dlink dns-1200-05 Dlink dns-1200-05 Firmware Dlink dns-120 Firmware Dlink dns-1550-04 Dlink dns-1550-04 Firmware Dlink dns-315l Dlink dns-315l Firmware Dlink dns-320 Dlink dns-320 Firmware Dlink dns-320l Dlink dns-320l Firmware Dlink dns-320lw Dlink dns-320lw Firmware Dlink dns-321 Dlink dns-321 Firmware Dlink dns-322l Dlink dns-322l Firmware Dlink dns-323 Dlink dns-323 Firmware Dlink dns-325 Dlink dns-325 Firmware Dlink dns-326 Dlink dns-326 Firmware Dlink dns-327l Dlink dns-327l Firmware Dlink dns-340l Dlink dns-340l Firmware Dlink dns-343 Dlink dns-343 Firmware Dlink dns-345 Dlink dns-345 Firmware Dlink dns-726-4 Dlink dns-726-4 Firmware
CPEs		cpe:2.3:h:dlink:dnr-202l:-:::::::* cpe:2.3:h:dlink:dnr-326:-:::::::* cpe:2.3:h:dlink:dns-1100-4:-:::::::* cpe:2.3:h:dlink:dns-1200-05:-:::::::* cpe:2.3:h:dlink:dns-120:-:::::::* cpe:2.3:h:dlink:dns-1550-04:-:::::::* cpe:2.3:h:dlink:dns-315l:-:::::::* cpe:2.3:h:dlink:dns-320:-:::::::* cpe:2.3:h:dlink:dns-320l:-:::::::* cpe:2.3:h:dlink:dns-320lw:-:::::::* cpe:2.3:h:dlink:dns-321:-:::::::* cpe:2.3:h:dlink:dns-322l:-:::::::* cpe:2.3:h:dlink:dns-323:-:::::::* cpe:2.3:h:dlink:dns-325:-:::::::* cpe:2.3:h:dlink:dns-326:-:::::::* cpe:2.3:h:dlink:dns-327l:-:::::::* cpe:2.3:h:dlink:dns-340l:-:::::::* cpe:2.3:h:dlink:dns-343:-:::::::* cpe:2.3:h:dlink:dns-345:-:::::::* cpe:2.3:h:dlink:dns-726-4:-:::::::* cpe:2.3:o:dlink:dnr-202l_firmware:::::::: cpe:2.3:o:dlink:dnr-326_firmware:::::::: cpe:2.3:o:dlink:dns-1100-4_firmware:::::::: cpe:2.3:o:dlink:dns-1200-05_firmware:::::::: cpe:2.3:o:dlink:dns-120_firmware:::::::: cpe:2.3:o:dlink:dns-1550-04_firmware:::::::: cpe:2.3:o:dlink:dns-315l_firmware:::::::: cpe:2.3:o:dlink:dns-320_firmware:::::::: cpe:2.3:o:dlink:dns-320l_firmware:::::::: cpe:2.3:o:dlink:dns-320lw_firmware:::::::: cpe:2.3:o:dlink:dns-321_firmware:::::::: cpe:2.3:o:dlink:dns-322l_firmware:::::::: cpe:2.3:o:dlink:dns-323_firmware:::::::: cpe:2.3:o:dlink:dns-325_firmware:::::::: cpe:2.3:o:dlink:dns-326_firmware:::::::: cpe:2.3:o:dlink:dns-327l_firmware:::::::: cpe:2.3:o:dlink:dns-340l_firmware:::::::: cpe:2.3:o:dlink:dns-343_firmware:::::::: cpe:2.3:o:dlink:dns-345_firmware:::::::: cpe:2.3:o:dlink:dns-726-4_firmware::::::::
Vendors & Products		Dlink Dlink dnr-202l Dlink dnr-202l Firmware Dlink dnr-326 Dlink dnr-326 Firmware Dlink dns-1100-4 Dlink dns-1100-4 Firmware Dlink dns-120 Dlink dns-1200-05 Dlink dns-1200-05 Firmware Dlink dns-120 Firmware Dlink dns-1550-04 Dlink dns-1550-04 Firmware Dlink dns-315l Dlink dns-315l Firmware Dlink dns-320 Dlink dns-320 Firmware Dlink dns-320l Dlink dns-320l Firmware Dlink dns-320lw Dlink dns-320lw Firmware Dlink dns-321 Dlink dns-321 Firmware Dlink dns-322l Dlink dns-322l Firmware Dlink dns-323 Dlink dns-323 Firmware Dlink dns-325 Dlink dns-325 Firmware Dlink dns-326 Dlink dns-326 Firmware Dlink dns-327l Dlink dns-327l Firmware Dlink dns-340l Dlink dns-340l Firmware Dlink dns-343 Dlink dns-343 Firmware Dlink dns-345 Dlink dns-345 Firmware Dlink dns-726-4 Dlink dns-726-4 Firmware

Mon, 16 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dnr-202l D-link dnr-322l D-link dnr-326 D-link dns-1100-4 D-link dns-120 D-link dns-1200-05 D-link dns-1550-04 D-link dns-315l D-link dns-320 D-link dns-320l D-link dns-320lw D-link dns-321 D-link dns-323 D-link dns-325 D-link dns-326 D-link dns-327l D-link dns-340l D-link dns-343 D-link dns-345 D-link dns-726-4
Vendors & Products		D-link D-link dnr-202l D-link dnr-322l D-link dnr-326 D-link dns-1100-4 D-link dns-120 D-link dns-1200-05 D-link dns-1550-04 D-link dns-315l D-link dns-320 D-link dns-320l D-link dns-320lw D-link dns-321 D-link dns-323 D-link dns-325 D-link dns-326 D-link dns-327l D-link dns-340l D-link dns-343 D-link dns-345 D-link dns-726-4

Mon, 16 Mar 2026 03:45:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function cgi_tm_set_share of the file /cgi-bin/time_machine.cgi. The manipulation of the argument Name results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
Title		D-Link DNS-1550-04 time_machine.cgi cgi_tm_set_share command injection
Weaknesses		CWE-74 CWE-77
References		https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_159/159.md https://vuldb.com/?ctiid.351121 https://vuldb.com/?id.351121 https://vuldb.com/?submit.770440 https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-16T03:02:16.888Z

Updated: 2026-03-16T15:31:27.493Z

Reserved: 2026-03-15T11:58:18.779Z

Link: CVE-2026-4210

Vulnrichment

Updated: 2026-03-16T15:31:24.841Z

NVD

Status : Analyzed

Published: 2026-03-16T14:20:07.113

Modified: 2026-03-19T14:28:39.767

Link: CVE-2026-4210

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-16T09:58:34Z

Weaknesses

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object