Home / Vulnerability Intelligence / CVE-2026-5215

CVE-2026-5215 - Vulnerability Analysis

MediumCVSS: 4.3

Last Updated: April 2, 2026

D-Link DNS Series - Broken Access Control

Published: March 31, 2026Updated: April 2, 2026PoC Available

Overview

D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205 contain an improper access control vulnerability caused by manipulation in cgi_get_ipv6 function in /cgi-bin/network_mgr.cgi, letting attackers bypass access restrictions, exploit requires no special privileges.

Severity & Score

Severity: Medium

CVSS Score: 4.3

Impact

Attackers can bypass access controls, potentially gaining unauthorized access to device functions or data.

Mitigation

Update to the latest available version.

References

Related Resources

Details

CVE ID: CVE-2026-5215
Severity: Medium
CVSS Score: 4.3
Type: broken_access_control
Status: confirmed

CWE

CWE-266

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N