D-Link DNS Series Buffer Overflow via Local_Backup_Info
CVE-2026-4211 Published on March 16, 2026

D-Link DNS-1550-04 local_backup_mgr.cgi Local_Backup_Info stack-based overflow
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the function Local_Backup_Info of the file /cgi-bin/local_backup_mgr.cgi. This manipulation of the argument f_idx causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

NVD

Timeline

Advisory disclosed

VulDB entry created

VulDB entry last update

Weakness Types

What is a Stack Overflow Vulnerability?

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CVE-2026-4211 has been classified to as a Stack Overflow vulnerability or weakness.

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2026-4211 has been classified to as a Buffer Overflow vulnerability or weakness.


Affected Versions

D-Link DNS-120: D-Link DNR-202L: D-Link DNS-315L: D-Link DNS-320: D-Link DNS-320L: D-Link DNS-320LW: D-Link DNS-321: D-Link DNR-322L: D-Link DNS-323: D-Link DNS-325: D-Link DNS-326: D-Link DNS-327L: D-Link DNR-326: D-Link DNS-340L: D-Link DNS-343: D-Link DNS-345: D-Link DNS-726-4: D-Link DNS-1100-4: D-Link DNS-1200-05: D-Link DNS-1550-04: