CVE-2026-4196 — MEDIUM (6.3)

Q: How severe is CVE-2026-4196?

CVE-2026-4196 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-4196?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dns-1550-04 Firmware, Dlink Dns-1550-04, Dlink Dns-315L Firmware, Dlink Dns-315L, Dlink Dns-320 Firmware.

Vulnerability Description

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_recovery/cgi_backup_now/cgi_set_schedule/cgi_set_rsync_server of the file /cgi-bin/remote_backup.cgi. The manipulation leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Dlink	Dns-1550-04 Firmware	<= 2026-02-05
Dlink	Dns-1550-04	-
Dlink	Dns-315L Firmware	<= 2026-02-05
Dlink	Dns-315L	-
Dlink	Dns-320 Firmware	<= 2026-02-05
Dlink	Dns-320	-
Dlink	Dns-320L Firmware	<= 2026-02-05
Dlink	Dns-320L	-
Dlink	Dns-320Lw Firmware	<= 2026-02-05
Dlink	Dns-320Lw	-
Dlink	Dns-321 Firmware	<= 2026-02-05
Dlink	Dns-321	-
Dlink	Dns-322L Firmware	<= 2026-02-05
Dlink	Dns-322L	-
Dlink	Dns-323 Firmware	<= 2026-02-05
Dlink	Dns-323	-
Dlink	Dns-325 Firmware	<= 2026-02-05
Dlink	Dns-325	-
Dlink	Dns-326 Firmware	<= 2026-02-05
Dlink	Dns-326	-

Related Weaknesses (CWE)

CWE-74 CWE-77

References

https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_98/98.mdExploitThird Party Advisory
https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_99/99.mdExploitThird Party Advisory
https://vuldb.com/?ctiid.351108Permissions RequiredVDB Entry
https://vuldb.com/?id.351108Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.769855Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.769856Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.769857Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.769858Third Party AdvisoryVDB Entry
https://www.dlink.com/Product

FAQ

What is CVE-2026-4196?

CVE-2026-4196 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726...

How severe is CVE-2026-4196?

CVE-2026-4196 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-4196?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dns-1550-04 Firmware, Dlink Dns-1550-04, Dlink Dns-315L Firmware, Dlink Dns-315L, Dlink Dns-320 Firmware.