Enviar #769853: D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Authentication Bypass Issuesinformación

TítuloD-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Authentication Bypass Issues
DescripciónWe identified an authentication bypass vulnerability in a recently released firmware of a D-Link NAS device. This vulnerability allows remote attackers to bypass authentication checks and gain unauthorized access via specially crafted requests.By abusing the cgi_set_wto interface, an attacker can modify the default admin account configuration to achieve persistent privileged access. After establishing this unauthorized persistence, the attacker can access arbitrary management interfaces, and further chain this vulnerability with other authenticated flaws, such as command injection or buffer overflow vulnerabilities, to ultimately gain full control of the device.
Fuente⚠️ https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_96/96.md
Usuario
 pjq123 (UID 86618)
Sumisión2026-03-02 09:52 (hace 2 meses)
Moderación2026-03-15 09:22 (13 days later)
EstadoAceptado
Entrada de VulDB351106 [D-Link DNS-1550-04 hasta 20260205 /cgi-bin/system_mgr.cgi cgi_set_wto escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!