D-Link DNS Series Improper Access Control in cgi_get_ipv6
CVE-2026-5215 Published on March 31, 2026

D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_get_ipv6 of the file /cgi-bin/network_mgr.cgi. Such manipulation leads to improper access controls. The exploit is publicly available and might be used.

NVD

Timeline

Advisory disclosed

VulDB entry created

VulDB entry last update

Weakness Types

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2026-5215 has been classified to as an Authorization vulnerability or weakness.

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.


Affected Versions

D-Link DNS-120: D-Link DNR-202L: D-Link DNS-315L: D-Link DNS-320: D-Link DNS-320L: D-Link DNS-320LW: D-Link DNS-321: D-Link DNR-322L: D-Link DNS-323: D-Link DNS-325: D-Link DNS-326: D-Link DNS-327L: D-Link DNR-326: D-Link DNS-340L: D-Link DNS-343: D-Link DNS-345: D-Link DNS-726-4: D-Link DNS-1100-4: D-Link DNS-1200-05: D-Link DNS-1550-04:

Exploit Probability

EPSS
0.04%
Percentile
11.85%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.