Platform
dlink
Component
my_vuln
Fixed in
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
20260205.0.1
CVE-2026-5213 is a stack-based buffer overflow vulnerability found in multiple D-Link DNS devices. Specifically, the vulnerability lies within the cgiaddusertosession function in /cgi-bin/accountmgr.cgi, where manipulation of the read_list argument can lead to a buffer overflow. This can be exploited remotely, potentially leading to code execution. The vulnerability affects D-Link DNS devices including DNS-120, DNR-202L, and others up to version 20260205. Currently, there is no official patch available to address this vulnerability.
CVE-2026-5213 affects several D-Link DNS devices, including models like DNS-120, DNR-202L, and others listed, up to the date 20260205. It's a stack-based buffer overflow vulnerability located in the cgiaddusertosession function of the /cgi-bin/accountmgr.cgi file. This flaw allows a remote attacker to manipulate the read_list argument, potentially leading to arbitrary code execution on the device. The vulnerability's severity is rated as CVSS 8.8, indicating a high risk. Successful exploitation could compromise the confidentiality, integrity, and availability of the device, enabling unauthorized access to sensitive data and control of the device itself.
The vulnerability is remotely exploitable, meaning an attacker does not need physical access to the device. An attacker can send a specially crafted request to the /cgi-bin/accountmgr.cgi file to manipulate the readlist argument and trigger the buffer overflow. The ease of exploitation, combined with the wide range of affected devices, makes this vulnerability an attractive target for attackers. Network administrators are advised to take preventative measures to protect their networks and devices.
Exploit Status
EPSS
0.03% (9% percentile)
CISA SSVC
CVSS Vector
Currently, no official fix has been released by D-Link for this vulnerability. The most effective mitigation is to discontinue use of the affected devices until a firmware update is available. As a temporary measure, segmenting affected devices on an isolated network can help limit the potential impact of an exploitation. Actively monitoring device logs for suspicious activity can also aid in detecting and responding to potential attacks. It is advised to contact D-Link for information regarding future security updates.
Update the firmware of your D-Link DNS-1550-04 device to a version later than 20260205 to correct the stack-based buffer overflow vulnerability. Refer to the D-Link website for the latest firmware updates.
Vulnerability analysis and critical alerts directly to your inbox.
Affected devices include DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to the date 20260205.
Currently, no official fix has been released by D-Link.
It is recommended to discontinue use of the device until a firmware update is available. As a temporary measure, isolate the device on a separate network.
Monitor the device logs for unusual or unauthorized activity.
Contact D-Link directly for information regarding future security updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.